A record-breaking DDoS incident linked to the AISURU/Kimwolf botnet peaked at 31.4 Tbps and lasted 35 seconds in November 2025, with Cloudflare automatically detecting and blocking the attack. According to Cloudflare, the November 2025 event was part of a surge in hyper-volumetric HTTP DDoS attacks observed in late 2025, and the attacks in Q4 2025 increased by about 40% compared with the previous quarter.
The report notes that attacks grew by over 700% since late 2024, and that one attack reached 31.4 Tbps in a 35‑second window, the largest ever disclosed publicly by any company at the time. Attacks used UDP, TCP and GRE floods, with broadband disruptions from infected customer devices exceeding 1 Tbps and even 4gpps+ floods causing router line-card failures.
The Kimwolf Android botnet, newly linked to AISURU, has infected millions of devices and issued billions of DDoS commands, including 1.7 billion commands between 19 and 22 November 2025.