
The unprecedented scale underscores growing risk for critical infrastructure, forcing organizations to reassess DDoS defenses. It also highlights the role of compromised consumer devices in amplifying attack capacity.
The 31.4 Tbps burst generated by the AISURU/Kimwolf botnet marks the largest volumetric denial‑of‑service event ever recorded, dwarfing the previous benchmark of 24 Tbps observed during the “Night Before Christmas” campaign. Cloudflare’s telemetry shows that hyper‑volumetric attacks surged 40% in Q4 2025, while the total number of DDoS incidents more than doubled year‑over‑year to 47.1 million. Such explosive growth reflects both the expanding bandwidth of compromised devices and the increasing willingness of threat actors to weaponize them against high‑value targets such as telecom carriers and cloud providers.
The botnet’s engine is built on an estimated two million hijacked Android devices, many of which are low‑cost smart TVs or off‑brand phones infected through the IPIDEA proxy ecosystem. IPIDEA distributed over 600 trojanized Android apps and thousands of counterfeit Windows binaries, turning ordinary consumer hardware into high‑throughput proxy exit nodes. This “residential‑proxy” model gives attackers access to diverse IP ranges and broadband capacities, enabling them to generate billions of packets per second without raising immediate alarms. The convergence of IoT insecurity and illicit proxy services is reshaping the threat landscape.
Defenders are responding by shifting away from legacy on‑premises scrubbing appliances toward cloud‑native DDoS mitigation platforms that can absorb multi‑terabit floods in real time. Cloudflare’s automatic mitigation of 34.4 million network‑layer attacks in 2025 illustrates the scalability required to protect global traffic. Enterprises, especially those in telecommunications and online gaming, should prioritize threat‑intelligence feeds, enforce strict device hygiene, and consider zero‑trust networking to limit exposure. As attackers continue to exploit consumer devices, the industry will likely see further escalation in attack size and sophistication, making proactive, cloud‑based defenses essential.