Cloudflare blocked the largest-ever DDoS attack against a European network infrastructure company, which peaked at 22.2 Tbps and 10.6 Bpps. The hyper-volumetric attack has been linked to the Aisuru botnet and lasted just 40 seconds, but was double the size of the previous record. SecurityWeek reports: Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs. Aisuru has been around for more than a year. The botnet is powered by hacked IoT devices such as routers and DVRs that have been compromised through the exploitation of known and zero-day vulnerabilities. According to Cloudflare, the 22 Tbps attack was traced to over 404,000 unique source IPs across over 14 ASNs worldwide. "Based on internal analysis using a proprietary system, the source IPs were not spoofed," the company explained. The security firm described it as a UDP carpet bomb attack targeting an average of 31,000 destination ports per second, with a peak of 47k ports, all of a single IP address. Cloudflare revealed in July that the number of DDoS attacks it blocked in the first half of 2025 had already exceeded all the attacks mitigated in 2024.

Read more of this story at Slashdot.

A 22-year-old Oregon man has been charged with operating one of the most powerful botnets ever recorded. The network, known as Rapper Bot, launched over 370,000 DDoS attacks worldwide, including against X, DeepSeek, U.S. tech firms, and even Defense Department systems. It was allegedly operated by Ethan Foltz of Eugene, Oregon. The Wall Street Journal reports: Foltz faces a maximum of 10 years in prison on a charge of abetting computer intrusions, the Justice Department said in a news release. Rapper Bot was made up of tens of thousands of hacked devices and was capable of flooding victims' websites with enough junk internet traffic to knock them offline, an attack known as a distributed denial of service, or DDoS. In February, the networking company Nokia measured a Rapper Bot attack against a gaming platform at 6.5 trillion bits per second, well above the several hundred million bits a second of the average high-speed internet connection. "This would place Rapper Bot among the most powerful DDoS botnets to have ever existed," said a criminal complaint that the prosecutors filed Tuesday in a federal court in Alaska. Investigators said Rapper Bot's attacks were so powerful that they were able to overwhelm all but the most robust networks. Foltz allegedly rented out Rapper Bot to paying customers, including gambling website operators who would use the network in extortion attempts, according to the complaint. The botnet was used to launch more than 370,000 attacks in 80 countries, including China, Japan and the U.S., prosecutors said. It launched its attacks from hacked routers, digital video recorders and cameras, not from computers. [...] "At its height, it mobilized tens of thousands of devices, many with no prior role in DDoS," said Jerome Meyer, a researcher with Nokia's Deepfield network-analysis division. "Taking it down removes a major source of the largest attacks we see."

Read more of this story at Slashdot.