What was significant about the Microsoft Azure DDoS attack (2025)?
An IoT botnet (Aisuru) of ~500,000 hosts hit Azure at a record 15.72 Tbps, showing that insecure routers and cameras can fuel terabit-scale DDoS.
In November 2025 Microsoft's Azure cloud absorbed one of the largest distributed denial-of-service (DDoS) attacks ever recorded. It is a useful real-world illustration of the botnet concept: the firepower came not from powerful servers but from a huge swarm of compromised everyday internet-of-things (IoT) devices — routers and cameras — that had weak or default security.
Key facts about the attack:
- Peak intensity: 15.72 terabits per second
- Source: roughly 500,000 IP addresses
- Target: a single publicly accessible access point in Australia
- Protocol: UDP data streams
- Packet rate: over 3.6 billion packets per second
- Attributed to: the Aisuru botnet (IoT-based)
The lesson: the sheer number of insecure networked devices now in the world creates an ever-growing reservoir for botnets, pushing DDoS volumes into terabit territory. Vulnerabilities in cheap IoT gear are therefore a stability problem for the whole internet, not just for the device owner.
Go deeper:
Denial-of-service attack — Wikipedia — context on record-breaking volumetric DDoS and amplification.
Botnet — Wikipedia — why insecure IoT devices (routers, cameras) make such large botnets possible.