Market Impact: 0.45

Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses

MSFT, AMZN, GOOGL, GOOG, NET, TMUS
Cybersecurity & Data Privacy | Technology & Innovation
Microsoft reported that the Aisuru botnet unleashed a 15.72 Tbps DDoS on Azure from more than 500,000 IPs, peaking at about 3.64 billion packets per second with high-rate UDP floods aimed at a public IP in Australia; Azure noted minimal source spoofing that aided traceback. Cloudflare has linked Aisuru to a record 22.2 Tbps/10.6 billion-packet-per-second attack in September 2025 and Qi'anxin XLab attributed an earlier 11.5 Tbps event to the botnet when it controlled roughly 300,000 devices; operators exploit vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips and consumer routers and expanded rapidly after compromising a TotoLink firmware update server and infecting ~100,000 devices. Cloudflare also said Aisuru artificially inflated DNS rankings by flooding 1.1.1.1 and has begun redacting suspected malicious domains; the firm’s 2024 mitigation stats (21.3M attacks against customers, 6.6M against its infrastructure) highlight mounting operational, reputational and mitigation-cost pressures on cloud and network providers.

Analysis

Microsoft reported that the Aisuru botnet launched a 15.72 Tbps DDoS attack against Azure from over 500,000 IP addresses, peaking at about 3.64 billion packets per second with high-rate UDP floods aimed at a public IP in Australia; Azure noted minimal source spoofing, which aided traceback and provider enforcement. Cloudflare has attributed to Aisuru a separate, record 22.2 Tbps/10.6 billion pps attack mitigated in September 2025, and Qi'anxin XLab linked an earlier 11.5 Tbps event to the botnet when it controlled roughly 300,000 bots, indicating rapid growth after a TotoLink firmware update server compromise that added ~100,000 infected devices in April 2025. The botnet exploits vulnerabilities in IP cameras, DVRs/NVRs, Realtek chips and consumer routers (T-Mobile, Zyxel, D-Link, Linksys), and operators have been manipulating DNS query volumes against Cloudflare's 1.1.1.1 service to distort public rankings.

Cloudflare's disclosure of record mitigation volumes (21.3 million customer-targeted attacks in 2024 plus 6.6 million against its infrastructure) highlights rising operational, reputational and remediation costs for cloud and network providers and suggests increased demand for DDoS and edge-security services going forward.

Microsoft's Azure experienced a high-profile, narrowly targeted outage attempt but benefited from characteristics that simplify mitigation and attribution; investors should watch subsequent Microsoft disclosures for remediation costs or SLA impacts. Cloudflare (NET) is a direct beneficiary of increased mitigation demand and has taken product and policy steps (redacting malicious domains) that may protect its DNS franchise but also underscore escalating backend costs. Telecom and consumer-hardware vendors named in the report face reputational and potential warranty/patching costs if vulnerabilities persist, creating downside risk for firms with large residential footprints and unpatched device bases.

Market Sentiment

Overall Sentiment

moderately negative

Sentiment Score

-0.55

Ticker Sentiment

AMZN: 0.00
GOOG: 0.00
GOOGL: 0.00
MSFT: -0.30
NET: 0.50
TMUS: -0.20

Key Decisions for Investors

  • Consider modestly increasing exposure to DDoS/edge-security specialists such as Cloudflare (NET) because the article documents record attack volumes and a clear rise in mitigation demand, while monitoring revenue guidance for evidence of monetization of this demand
  • For Microsoft (MSFT) maintain or cautiously add exposure but avoid material increases until management quantifies any Azure remediation costs or customer impact, since Azure was targeted but benefited from traceability that may limit long-term damage