Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet

These articles are AI-generated summaries. Please check the original sources for full details.

Microsoft recently mitigated a massive DDoS attack peaking at 15.72 Tbps, targeting a single endpoint in Australia. This attack, observed on November 18, 2025, utilized a UDP flood originating from over 500,000 source IPs and was powered by the AISURU botnet.

Why This Matters

Current DDoS mitigation infrastructure is built on assumptions of attack volume that are rapidly becoming outdated. The increasing prevalence of IoT devices and rising broadband speeds are enabling attackers to generate exponentially larger attacks, potentially overwhelming even well-protected systems and causing significant financial and reputational damage. The cost of downtime from a large-scale DDoS attack can easily reach millions of dollars per hour.

Key Insights

  • 15.72 Tbps DDoS Attack, 2025: Microsoft reported the largest DDoS attack ever observed in the cloud.
  • TurboMirai Botnets: AISURU and Eleven11 are examples of powerful IoT-based botnets used for DDoS and other malicious activities.
  • .libre TLD: Alternative DNS roots like .libre are increasingly used by botnet operators to evade traditional security measures.

Practical Applications

  • Use Case: Gaming companies are frequently targeted by AISURU, indicating a potential need for enhanced DDoS protection for online gaming infrastructure.
  • Pitfall: Relying solely on IP reputation lists is insufficient; attackers leverage large botnets with constantly changing source IPs, requiring rate limiting and behavioral analysis.
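
The pitfall above, as an added example that is not from Microsoft or the original article: a per-destination check over flow records catches a distributed UDP flood that per-source limits and a reputation list both miss. The flow records, thresholds, addresses and function names are all constructed assumptions for illustration.

```python
from collections import defaultdict

def make_constructed_flows():
    """Constructed sample: 2,000 sources each send 1 Mbit of UDP to one endpoint."""
    flows = []  # (second, src_ip, dst_ip, proto, bytes)
    for i in range(2000):
        src = f"10.0.{i // 256}.{i % 256}"
        flows.append((0, src, "203.0.113.10", "udp", 125_000))
    flows.append((0, "198.51.100.7", "203.0.113.20", "udp", 50_000))   # benign
    flows.append((0, "198.51.100.8", "203.0.113.20", "tcp", 900_000))  # benign
    return flows

def per_source_offenders(flows, per_source_bps=10_000_000, window_s=1):
    """Naive check: flag any single source above a per-source rate (assumed 10 Mbit/s)."""
    sent = defaultdict(int)
    for ts, src, _dst, _proto, nbytes in flows:
        sent[(src, ts // window_s)] += nbytes
    return sorted({s for (s, _), b in sent.items() if b * 8 / window_s >= per_source_bps})

def detect_udp_floods(flows, reputation=frozenset(), window_s=1,
                      dst_bps_limit=1_000_000_000, min_sources=1000):
    """Behavioral check: aggregate UDP rate and distinct sources per destination."""
    agg = defaultdict(lambda: {"bytes": 0, "sources": set(), "listed": 0})
    for ts, src, dst, proto, nbytes in flows:
        if proto != "udp":
            continue
        bucket = agg[(dst, ts // window_s)]
        bucket["bytes"] += nbytes
        bucket["sources"].add(src)
        if src in reputation:          # bytes a reputation list alone would have blocked
            bucket["listed"] += nbytes
    alerts = []
    for (dst, win), b in sorted(agg.items()):
        bps = b["bytes"] * 8 / window_s
        if bps >= dst_bps_limit and len(b["sources"]) >= min_sources:
            alerts.append({"dst": dst, "window": win, "bps": bps,
                           "sources": len(b["sources"]),
                           "listed_share": b["listed"] / b["bytes"]})
    return alerts

if __name__ == "__main__":
    flows = make_constructed_flows()
    known_bad = frozenset(f"10.0.0.{i}" for i in range(20))  # constructed reputation list
    print("per-source offenders:", per_source_offenders(flows))
    for alert in detect_udp_floods(flows, reputation=known_bad):
        print(alert)
```

The `listed_share` field shows how little of the flood a reputation list covers when only a small fraction of the sources is already known.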
