
The 29.69 Tbps DDoS Attack That Shook the Internet

Last updated on Oct 09, 2025

The cybersecurity landscape faced another major tremor this week as reports confirmed a record-breaking 29.69 Tbps distributed denial-of-service (DDoS) attack, suspected to be orchestrated by the Aisuru botnet. This marks one of the largest coordinated DDoS assaults ever recorded, once again targeting global gaming networks and infrastructure providers.

What Happened

According to FastNetMon’s analysis, the incident unfolded on October 6, 2025, and caused widespread connectivity disruptions across gaming platforms, content networks, and hosting providers.
The Aisuru botnet, first observed earlier this year, appears to have evolved rapidly - both in capacity and coordination.

This new wave utilized a TCP-based “carpet bomb” technique, distributing massive volumes of traffic across numerous IPs and ports simultaneously. This method not only increases total throughput but also complicates detection and mitigation, since it blends malicious packets within legitimate traffic patterns.
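The detection problem described above can be shown with a short added example (not from the original article or from FastNetMon): a per-destination-IP threshold misses traffic spread thinly across a prefix, while the same flow records aggregated per /24 expose it. The flow tuple format, thresholds, and addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration; tune to your own baseline.
HOST_BPS_LIMIT = 1_000_000_000      # alert if one destination IP exceeds 1 Gbps
PREFIX_BPS_LIMIT = 20_000_000_000   # alert if one /24 exceeds 20 Gbps in total
PREFIX_LEN = 24


def detect(flows, interval_s=1):
    """flows: iterable of (dst_ip, dst_port, bytes) seen during interval_s.

    Returns (hosts over the per-IP limit, [(prefix, hosts_hit, ports_hit)] over
    the per-prefix limit). The second list is what exposes a carpet bomb.
    """
    host_bytes = defaultdict(int)
    prefix_bytes = defaultdict(int)
    prefix_hosts = defaultdict(set)
    prefix_ports = defaultdict(set)
    for dst, dport, nbytes in flows:
        prefix = str(ipaddress.ip_network(f"{dst}/{PREFIX_LEN}", strict=False))
        host_bytes[dst] += nbytes
        prefix_bytes[prefix] += nbytes
        prefix_hosts[prefix].add(dst)
        prefix_ports[prefix].add(dport)
    hot_hosts = sorted(h for h, b in host_bytes.items()
                       if b * 8 / interval_s > HOST_BPS_LIMIT)
    hot_prefixes = sorted((p, len(prefix_hosts[p]), len(prefix_ports[p]))
                          for p, b in prefix_bytes.items()
                          if b * 8 / interval_s > PREFIX_BPS_LIMIT)
    return hot_hosts, hot_prefixes


def sample_flows():
    """Constructed one-second flow summary using documentation address ranges."""
    flows = []
    # Carpet bomb: every host in 198.51.100.0/24 gets 4 x 25 MB = 800 Mbps,
    # which stays under the 1 Gbps per-host limit.
    for i in range(1, 255):
        for port in (80, 443, 8080, 27015):
            flows.append((f"198.51.100.{i}", port, 25_000_000))
    flows.append(("192.0.2.5", 443, 250_000_000))    # single-target flood, 2 Gbps
    flows.append(("203.0.113.10", 443, 60_000_000))  # ordinary busy host, 480 Mbps
    return flows


if __name__ == "__main__":
    hosts, prefixes = detect(sample_flows())
    print("per-host alerts:", hosts)
    print("per-prefix alerts:", prefixes)
```

The per-host check flags only the single-target flood; the carpet-bombed /24 appears only in the per-prefix result, along with how many hosts and ports were touched.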

Key Impacts

  • Multiple major gaming networks (including Steam, Riot, and PlayStation Network) experienced degraded performance and partial outages.

  • Infrastructure providers such as AWS and OVH noted regional latency spikes and temporary routing congestion.

  • Estimated peak traffic reached 29.69 Tbps, surpassing previous global records.

  • The attack vectors leveraged compromised routers and IoT devices in previously unmonitored subnets, expanding Aisuru’s footprint.

Why It Matters

This event underscores a worrying evolution in large-scale botnets:

  • Smarter attacks: Aisuru’s distributed approach makes single-target filtering nearly impossible.

  • Record throughput: Attack volume now exceeds what many scrubbing centers can process in real time.

  • Cross-industry exposure: The gaming sector remains a favorite target due to constant high-bandwidth requirements and low tolerance for latency.

While global mitigation networks absorbed most of the blow, the event demonstrates that even enterprise-grade providers are vulnerable when faced with next-generation DDoS coordination.

The Aisuru Threat

Researchers have linked Aisuru to a diverse infrastructure spanning multiple regions and ASNs, suggesting a mix of consumer-grade routers, cloud instances, and hijacked IoT endpoints.
Unlike older botnets, Aisuru emphasizes sustained, low-level probing before full-scale activation - giving it better timing accuracy and reducing the likelihood of early detection.

FastNetMon’s telemetry hints at synchronized bursts of TCP ACK and SYN traffic with random payload padding - a method designed to overwhelm inspection layers without triggering pattern-based defenses.

What Comes Next

The scale of this attack will likely push providers and mitigation networks to reevaluate their peering routes, capacity thresholds, and interconnection resilience.
As amplification vectors diversify and infected endpoints proliferate, proactive traffic engineering will be the deciding factor in whether future events cause brief slowdowns or full outages.


Expanse Statement

While several networks experienced partial degradation during the Aisuru incident, Expanse’s infrastructure remained stable and unaffected.
Our current defense stack, using G-Core / GSL global filtering, successfully handled related traffic without downtime.

We remain committed to ensuring constant reliability and top-tier protection, even during the most extreme network events.