15 October 2025
Gcore has effectively thwarted one of the largest distributed denial-of-service (DDoS) attacks ever recorded.
The multi-regional assault peaked at an astonishing 6Tbps of bandwidth and a packet rate of 5.3Bpps. The attack targeted a hosting provider within the gaming industry, but its scale and methodology underscore a broader trend of increasingly sophisticated and intense DDoS campaigns aimed at diverse digital infrastructure sectors.
The attack was consistent with the AISURU botnet, a known threat actor linked to several recent high-impact incidents worldwide. Andrey Slastenov, Head of Security at Gcore, emphasised the rising threat landscape, noting that “this incident underscores an ongoing escalation in both the scale and sophistication of DDoS attacks. While this event was a short-burst volumetric flood, across the industry we see campaigns used to probe resilience or coincide with other attack vectors. Without robust, adaptive protection, organisations across tech, hosting, and enterprise sectors remain at risk.”
The attack’s main characteristics included a short duration of 30 to 45 seconds, with UDP protocol traffic dominating — a common feature in volumetric flood attacks. Approximately 75% of the malicious traffic originated from sources in Brazil (51%) and the United States (23.7%), reflecting the multi-regional and high-volume nature of the assault.
This incident aligns with insights from Gcore’s recent Radar report for Q1-Q2 2025, which revealed a 41% rise in DDoS attacks over the previous quarter. Notably, attacks targeting technology companies increased sharply, representing 30% of all incidents, suggesting a growing focus on high-value targets. The concentration of attack sources in regions with high device density and weaker security controls, such as Brazil and the US, highlights the evolving capabilities of botnets like AISURU to exploit unsecured infrastructure.
The attack’s characteristics reveal a strategic shift toward short-burst, high-intensity assaults aimed not only at causing disruption but also at probing the resilience of targeted infrastructure. For hosting providers, even a few seconds of downtime can lead to significant financial and reputational damage, reinforcing the importance of advanced, adaptive mitigation strategies. Slastenov stressed that deploying edge-layer filtering, Layer 7 behavioural analysis, and AI-driven defense mechanisms is now essential for organisations to defend against such threats.
Gcore’s global DDoS protection infrastructure, spanning over 210 Points of Presence with filtering capacity exceeding 200Tbps, successfully absorbed and neutralised the attack without impacting service continuity. The incident underscores the critical need for integrated, real-time, AI-powered DDoS defense solutions capable of inspecting traffic deeply and responding swiftly to complex, multi-vector attacks. As DDoS threats continue to evolve, organisations must prioritise resilient security architectures to safeguard their digital assets and maintain operational stability.
