Microsoft Azure Blocks Record-Breaking 15.72 Tbps DDoS Attack Without Service Disruption

Microsoft Azure’s DDoS Protection platform recently defended against what the company describes as the largest cloud-based distributed denial-of-service (DDoS) attack ever recorded. The attack, which peaked at 15.72 terabits per second (Tbps), was launched from more than 500,000 unique IP addresses, yet Azure’s infrastructure prevented any customer downtime.

What Happened

On October 24, 2025, Azure automatically detected and mitigated a multi-vector DDoS attack. The attack generated nearly 3.64 billion packets per second, focused on a single public IP in Australia. Cybersecurity analysts traced the assault to the Aisuru botnet, a “Turbo Mirai”-class Internet-of-Things (IoT) botnet composed of compromised home routers and security cameras. 

The attack used high-rate UDP floods with minimal source spoofing and randomized source ports, features that helped Azure trace the origin of the traffic.

How Azure Responded

Azure’s global DDoS protection infrastructure detected the surge in traffic and immediately redirected and filtered out malicious packets. According to Microsoft, no customer-facing services were disrupted during the incident. Because the attack used real IPs rather than spoofed addresses, Microsoft could more easily trace the sources of attack traffic.

Significance and Context

The scale of this attack marks a new milestone in cloud-based cyber threat activity. Microsoft and independent cybersecurity observers note that this is the largest DDoS attack ever observed in a cloud environment.

The Aisuru botnet, which Microsoft identified as the attacker, has been linked to previous large-scale DDoS events. In earlier months, its nodes were estimated at around 300,000 compromised IoT devices. The botnet reportedly grew faster in April 2025 after its operators exploited a firmware update server of a low-cost router manufacturer.

This event also comes amid reports of even larger attacks tied to Aisuru. The same botnet reached 20 Tbps in attack capacity just days before this incident. 

Broader Implications

The incident underscores how vulnerable consumer IoT devices remain as potential tools for large-scale cyberattacks. As more households adopt fast internet connections and deploy smart devices, distributed botnets like Aisuru can marshal greater power. 

It also highlights the importance of robust, always-on DDoS protection for cloud services. For organizations that rely on internet-facing workloads, the lesson is clear: proactive defense and continuous readiness are now essential.

Connections to Wider Cybersecurity Landscape

In other recent developments, the growing threat surface posed by insecure IoT devices as 5G infrastructure expands. Meanwhile, changes in the cybersecurity threat model, such as the rise in cloud-based assaults, reinforce the need for enterprises to rethink their risk strategy. For those looking to deepen their understanding of cyber defense, TECHi’s guide to the “30 Cybersecurity Books to Read in 2025” remains a timely resource.  Finally, this attack adds to growing concern over third-party risk, an issue that has affected companies across sectors, including the recent Allianz Life data breach.

Conclusion

The 15.72 Tbps DDoS attack on Microsoft Azure is a stark reminder of the evolving scale of cyber threats. Thanks to Azure’s advanced DDoS protection, the assault was contained without service disruption. However, the event also signals the growing power of IoT-based botnets and the need for constant vigilance in cloud security. As cyberattacks continue to grow in size and complexity, organizations must adopt layered defenses and prepare for even more challenging threat scenarios.