Cloudflare has confirmed that it has successfully mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, an assault that underscores both the scale of modern cyberthreats and the growing sophistication of botnet operators. According to BleepingComputer, the attack peaked at a staggering 22.2 terabits per second (Tbps), nearly doubling the previous world record of 11.5 Tbps observed just three weeks earlier. As of September 2025, Cloudflare serves as a reverse proxy for nearly one-fifth of the global internet—approximately 19.8 percent of all active websites—making its infrastructure a high-value target for such large-scale disruptions.
The attack itself lasted only 40 seconds, but in that short window, it generated traffic equivalent to streaming one million 4K videos at once. The sheer volume was not just a matter of bandwidth. At its peak, the assault reached 10.6 billion packets per second (Bpps), which security analysts translate into about 1.3 page requests every second from every single person on Earth. That level of traffic poses a serious challenge to firewalls, routers, and load balancers, which must parse, inspect, and manage requests even if overall throughput can technically be absorbed by the network backbone.
While Cloudflare’s defenses absorbed the impact without reported downtime for its customers, the implications are troubling. Such high-intensity DDoS events suggest attackers are constantly expanding their capabilities, assembling larger botnets and finding new methods of amplification. Experts note that the previous record-setting attack just weeks earlier was attributed to the Aisuru botnet, a relatively new network of compromised devices. Whether the latest incident was orchestrated by the same group remains unknown, but the timing suggests a possible escalation.
For organizations that rely on the internet for critical services, this record-breaking assault serves as a reminder of the fragility of digital infrastructure under concentrated attack. Cloudflare’s ability to withstand such pressure highlights the necessity of large-scale, distributed mitigation networks, but also hints at a looming arms race between attackers and defenders. If terabit-per-second floods become routine, even the largest players may soon need to rethink the limits of their resilience strategies.
