Cloudflare Blocks Largest-Ever DDoS Attack Powered by RapperBot and Mirai Botnets

A new DDoS record has been set. Cybersecurity firm Cloudflare has announced that it successfully mitigated the largest Distributed Denial-of-Service (DDoS) attack ever recorded—peaking at 7.3 terabits per second (Tbps) and delivering a staggering 37.4 terabytes of traffic in just 45 seconds.

The target of the attack was a hosting provider, whose name has not been disclosed. The event occurred in mid-May 2025 and adds to a growing trend of aggressive attacks against internet infrastructure providers.

Hosting Providers Are Prime Targets

According to Omer Yoachimik, security expert at Cloudflare, attackers are increasingly focusing on hosting services and other essential internet platforms. “Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Yoachimik explained.

The attack was highly sophisticated and overwhelming in volume, targeting an average of 21,925 ports per second on a single IP address used by the hosting provider. At its peak, the attack hit 34,517 destination ports per second—a tactic referred to as carpet-bombing, which overwhelms systems by spreading the attack across many ports.

The massive DDoS flood was a multi-vector attack, meaning it used multiple types of attack methods simultaneously. Cloudflare identified the following techniques in the mix:

  • UDP flood (accounting for 99.996% of the traffic)

  • QOTD reflection

  • Echo reflection

  • NTP reflection

  • Mirai-based UDP flood

  • Portmap flood

  • RIPv1 amplification attack

These combined methods were used to amplify traffic, disrupt services, and make it harder to defend against the assault.
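
An added example (not from Cloudflare or the original article): a small flow-record triage that labels the reflection vectors listed above by their well-known UDP source port and measures unique destination ports per second per target IP, the carpet-bombing metric cited earlier. The flow tuple layout, the sample records, and the threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Well-known UDP ports of the reflection services named in the article.
REFLECTOR_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}
DIRECT = "UDP flood (direct)"  # includes Mirai-style floods; not separable by port alone

# Constructed sample flows: (unix_second, src_ip, src_port, dst_ip, dst_port, bytes).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = (
    [(0, f"198.51.100.{i}", 40000 + i, "203.0.113.10", 1000 + i, 1400) for i in range(8)]
    + [(1, f"198.51.100.{i}", 40000 + i, "203.0.113.10", 2000 + i, 1400) for i in range(5)]
    + [
        (0, "192.0.2.7", 123, "203.0.113.10", 1000, 468),    # NTP reflector reply
        (1, "192.0.2.8", 17, "203.0.113.10", 2000, 300),     # QOTD reflector reply
        (1, "192.0.2.9", 520, "203.0.113.10", 2001, 504),    # RIPv1 reflector reply
        (0, "192.0.2.50", 53000, "203.0.113.20", 443, 1200),  # unrelated traffic
    ]
)


def classify(src_port):
    """Heuristic: a reflected packet arrives *from* the abused service's port."""
    return REFLECTOR_PORTS.get(src_port, DIRECT)


def summarize(flows, port_threshold):
    """Per destination IP: byte share per vector and peak unique dst ports/second."""
    bytes_by_vector = defaultdict(Counter)
    ports_by_second = defaultdict(set)
    for ts, _src_ip, sport, dst_ip, dport, nbytes in flows:
        bytes_by_vector[dst_ip][classify(sport)] += nbytes
        ports_by_second[(dst_ip, ts)].add(dport)

    report = {}
    for dst_ip, vectors in bytes_by_vector.items():
        total = sum(vectors.values())
        peak = max(len(p) for (ip, _), p in ports_by_second.items() if ip == dst_ip)
        report[dst_ip] = {
            "vector_share": {v: b / total for v, b in vectors.items()},
            "peak_dst_ports_per_sec": peak,
            "carpet_bombing": peak >= port_threshold,  # threshold is an assumption
        }
    return report


if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_FLOWS, port_threshold=5).items():
        print(ip, stats)
```
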

The attack was global in nature, coming from over 122,000 unique source IP addresses across 161 countries and 5,433 autonomous systems (ASes).

The top 10 source countries included:

  • Brazil

  • Vietnam

  • Taiwan

  • China

  • Indonesia

  • Ukraine

  • Ecuador

  • Thailand

  • United States

  • Saudi Arabia

Some of the largest contributors were:

  • Telefonica Brazil (AS27699) – 10.5% of total traffic

  • Viettel Group (AS7552) – 9.8%

  • China Unicom (AS4837) – 3.9%

  • Chunghwa Telecom (AS3462) – 2.9%

  • China Telecom (AS4134) – 2.8%

The attack reached an average of 26,855 unique IPs per second, peaking at 45,097 during the short-lived assault.

This wasn’t Cloudflare’s first time stopping a high-volume DDoS attempt this year. In January 2025, the company blocked a 5.6 Tbps attack launched against an Internet Service Provider (ISP) in East Asia, likely powered by a Mirai-variant botnet. In April 2025, Cloudflare mitigated another 6.5 Tbps attack, likely originating from Eleven11bot, a botnet made up of about 30,000 hacked webcams and video recorders.

The recent 7.3 Tbps attack is part of a clear trend: DDoS attacks are growing in size, complexity, and frequency. These high-speed floods can bring down unprotected websites, cloud platforms, and even major service providers in seconds.

In a separate but related development, Chinese cybersecurity researchers from QiAnXin XLab reported that a powerful botnet known as RapperBot was behind a February 2025 DDoS attack on DeepSeek, an AI company.

RapperBot, which has been active since 2022, is now evolving. The malware behind the botnet not only launches attacks but also attempts to extort victims. It demands “protection fees”, threatening to DDoS companies unless they pay.

RapperBot primarily infects:

  • Routers

  • Network-attached storage (NAS) devices

  • Video recorders

It gains access through:

  • Default or weak passwords

  • Known firmware vulnerabilities

Once inside a device, it connects to remote servers using DNS TXT records, which are encrypted with custom algorithms. These encrypted messages are used to fetch instructions for DDoS attacks.

Devices infected with RapperBot have been identified in several countries, including:

  • China

  • United States

  • Israel

  • Mexico

  • United Kingdom

  • Greece

  • Iran

  • Australia

  • Malaysia

  • Thailand

According to QiAnXin, RapperBot has become significantly more active since March 2025, with:

  • Over 100 attack targets daily

  • More than 50,000 infected devices (bots) in use

These attacks target a wide range of sectors, such as:

  • Public administration

  • Social services

  • Internet platforms

  • Manufacturing

  • Banking and financial services

These latest DDoS events show that cyber attackers are not slowing down. Instead, they’re using more advanced botnets, larger attack volumes, and short, powerful bursts to overwhelm defenses. Hosting providers, cloud platforms, and AI companies are top targets—and organizations must invest in scalable DDoS protection.

As attack tools become more automated and decentralized, cybersecurity experts emphasize the need for real-time monitoring, botnet detection, and global mitigation strategies to stay ahead.
