The 29.69 Tbps DDoS Attack That Shook the Internet
The cybersecurity landscape faced another major tremor this week as reports confirmed a record-breaking 29.69 Tbps
distributed denial-of-service (DDoS) attack, suspected to be orchestrated by the Aisuru botnet. This marks one of the
largest coordinated DDoS assaults ever recorded, once again targeting global gaming networks and infrastructure
providers.
What Happened
According to FastNetMon’s analysis, the incident unfolded on October 6, 2025 and caused widespread connectivity
disruptions across gaming platforms, content networks, and hosting providers.
The Aisuru botnet, first observed earlier this year, appears to have evolved rapidly - both in capacity and
coordination.
This new wave utilized a TCP-based “carpet bomb” technique, distributing massive volumes of traffic across numerous IPs
and ports simultaneously. This method not only increases total throughput but also complicates detection and mitigation,
since it blends malicious packets within legitimate traffic patterns.
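The following is an added example, not taken from the article or from FastNetMon. It shows why carpet bombing slips past per-host thresholds and why aggregating by destination prefix exposes it. The flow records, the thresholds and the /24 aggregation length are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

HOST_THRESHOLD_BPS = 500_000_000      # assumed per-host alert threshold (500 Mbps)
PREFIX_THRESHOLD_BPS = 5_000_000_000  # assumed per-prefix alert threshold (5 Gbps)
PREFIX_LEN = 24                       # assumed aggregation length

def build_sample_flows():
    """Constructed flow samples: (destination IP, destination port, bits/s)."""
    flows = []
    # Carpet-bomb pattern: every host in 203.0.113.0/24 receives a modest
    # amount of TCP traffic spread over several ports.
    for host in range(1, 255):
        for port in (80, 443, 8080, 8443):
            flows.append((f"203.0.113.{host}", port, 20_000_000))
    # One ordinary busy server in another prefix.
    flows.append(("198.51.100.10", 443, 300_000_000))
    return flows

def per_host_alerts(flows, threshold=HOST_THRESHOLD_BPS):
    """Classic detection: sum traffic per destination IP."""
    totals = defaultdict(int)
    for dst, _port, bps in flows:
        totals[dst] += bps
    return {ip: bps for ip, bps in totals.items() if bps >= threshold}

def per_prefix_alerts(flows, threshold=PREFIX_THRESHOLD_BPS, prefix_len=PREFIX_LEN):
    """Carpet-bomb aware detection: sum traffic per destination prefix and
    record how many distinct hosts share the load."""
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for dst, _port, bps in flows:
        net = str(ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False))
        totals[net] += bps
        hosts[net].add(dst)
    return {net: {"bps": bps, "hosts": len(hosts[net])}
            for net, bps in totals.items() if bps >= threshold}

if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-host alerts:  ", per_host_alerts(flows))
    print("per-prefix alerts:", per_prefix_alerts(flows))
```

Each host in the sample receives only 80 Mbps, so the per-host check stays silent while the prefix as a whole carries more than 20 Gbps.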
Key Impacts
- Multiple major gaming networks (including Steam, Riot, and PlayStation Network) experienced degraded performance and
partial outages.
- Infrastructure providers such as AWS and OVH noted regional latency spikes and temporary routing congestion.
- Estimated peak traffic reached 29.69 Tbps, surpassing previous global records.
- The attack vectors leveraged compromised routers and IoT devices in previously unmonitored subnets, expanding
Aisuru’s footprint.
Why It Matters
This event underscores a worrying evolution in large-scale botnets:
- Smarter attacks: Aisuru’s distributed approach makes single-target filtering nearly impossible.
- Record throughput: Attack volume now exceeds what many scrubbing centers can process in real time.
- Cross-industry exposure: The gaming sector remains a favorite target due to constant high-bandwidth requirements and
low tolerance for latency.
While global mitigation networks absorbed most of the blow, the event demonstrates that even enterprise-grade providers
are vulnerable when faced with next-generation DDoS coordination.
The Aisuru Threat
Researchers have linked Aisuru to a diverse infrastructure spanning multiple regions and ASNs, suggesting a mix of
consumer-grade routers, cloud instances, and hijacked IoT endpoints.
Unlike older botnets, Aisuru emphasizes sustained, low-level probing before full-scale activation - giving it better
timing accuracy and reducing early detection likelihood.
FastNetMon’s telemetry hints at synchronized bursts of TCP ACK and SYN traffic with random payload padding - a method
designed to overwhelm inspection layers without triggering pattern-based defenses.
What Comes Next
The scale of this attack will likely push providers and mitigation networks to reevaluate their peering routes, capacity
thresholds, and interconnection resilience.
As amplification vectors diversify and infected endpoints proliferate, proactive traffic engineering will be the
deciding factor in whether future events cause brief slowdowns or full outages.
Expanse Statement
While several networks experienced partial degradation during the Aisuru incident, Expanse’s infrastructure remained
stable and unaffected.
Our current defense stack, using G-Core / GSL global filtering, successfully handled related traffic without downtime.
We remain committed to ensuring constant reliability and top-tier protection, even during the most extreme network
events.