Cloudflare has sent us a copy of its quarterly DDoS threat report, and it makes for hair-raising reading. The gigantic CDN provider claims that it recorded “an unprecedented bombardment” from a botnet in the fourth quarter of 2025, resulting in a DDoS attack that peaked at 31.4 Terabits a second.
Cloudflare claims that this is “the largest attack ever disclosed publicly”, and “a new world record”. The attack is said to have been launched by the Aisuru/Kimwolf botnet against Cloudflare customers and its infrastructure, with the campaign itself dubbed “The Night Before Christmas”.
The campaign is believed to have begun on December 19, 2025, and it’s said that over 94% of the attacks delivered between one and five billion packets of unwanted traffic per second, with 58% of those lasting between one and two minutes.
It appears that similar attacks are on the rise, with Cloudflare claiming that in the final quarter of 2025, the amount of DDoS attacks overall grew by 31% quarter-over-quarter and 58% year-over-year.
Telecommunications providers are believed to have borne the brunt of so-called “hyper-volumetric” attacks, with 42% pointing their way. 15% are said to have targeted information technology and services providers, while a mere 2% affected gaming. Small mercies, I guess, although Arc Raiders developer Embark has recently complained of an “extensive” coordinated DDoS attack this week, which suggests that modern gaming providers are far from immune.
(Image credit: Westend61)
In terms of the most attacked locations for DDoS attacks in Q4 of 2025, China, Hong Kong, Germany, and Brazil make up the top four, with the US coming in fifth, just ahead of the UK. In terms of the geographical sources of the attacks, the report claims that Bangladesh tops the list, with Ecuador, Indonesia, Argentina and Hong Kong making up the rest of the top five.
The report highlights that the top 10 list of attack source networks “reads like a list of internet giants”, stating that:
“The common thread is clear: threat actors are leveraging the world’s most accessible and powerful network infrastructure, primarily large, public-facing services.”
Cloud computing providers like DigitalOcean, Microsoft, Tencent, Oracle and Hetzner are claimed to be the largest sources of DDoS attacks, “demonstrating the strong link between easily-provisioned virtual machines and high-volume attacks”.
Ah, it’s a scary digital world out there. By the looks of this data, it seems it might not be long before this new record is broken, although Cloudflare says that over 50% of HTTP DDoS attacks were detected and mitigated by its new real-time botnet detection system. So, it’s the same old game of cat and mouse—but this particular squeaker seems to be getting larger every year.
