Cloudflare Blocks Record-Breaking DDoS Attack
Cloudflare recently announced that it had blocked one of the largest distributed denial-of-service (DDoS) attacks ever recorded. The attack peaked at 7.3 terabits per second (Tbps) and targeted an undisclosed hosting provider.
The Scale of the Attack
The incident, which was detected in mid-May 2025, showcased the evolving dangers of cyber threats, particularly against hosting providers and essential internet infrastructure. Omer Yoachimik from Cloudflare emphasized the severity of the attack, revealing that it unleashed a staggering 37.4 terabytes of data over a mere 45 seconds.
Previously, Cloudflare had battled significant DDoS attacks, including a 5.6 Tbps assault on an internet service provider in Eastern Asia and a 6.5 Tbps attack attributed to a botnet known as Eleven11bot. These situations indicate a growing trend where major digital players are routinely targeted.
Technical Breakdown of the Attack
The recent 7.3 Tbps attack targeted a specific IP address and hit an average of 21,925 destination ports, with a peak of 34,517 destination ports per second. The multi-vector assault was driven primarily by a UDP flood, which alone accounted for 99.996% of the traffic.
Attack vectors included:
- UDP Flood
- QOTD Reflection Attack
- Echo Reflection Attack
- NTP Reflection Attack
- Mirai UDP Flood Attack
- Portmap Flood
- RIPv1 Amplification Attack
Cloudflare reported that the attack emanated from over 122,145 unique source IP addresses, spread across 5,433 autonomous systems in 161 countries. Notably, countries such as Brazil, Vietnam, and the United States were among the top contributors to the surge in attack traffic.
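One way a defender could label flow records by the reflection vectors listed above and measure the destination-port and source spread against a single target, as an added example that is not Cloudflare's code. The port numbers are the standard service assignments rather than values from the article, and the flow-record fields and sample data are constructed.

```python
from collections import Counter, defaultdict

# Standard UDP service ports (assumption: IANA assignments, not from the article).
# Reflected replies arrive with the abused service's port as the SOURCE port.
REFLECTION_SRC_PORTS = {
    7: "Echo reflection",
    17: "QOTD reflection",
    111: "Portmap",
    123: "NTP reflection",
    520: "RIPv1 amplification",
}

def classify(flow):
    """Label one flow record by likely vector from protocol and source port."""
    if flow["proto"] != "udp":
        return "other"
    # Direct floods (including Mirai-style) use arbitrary source ports,
    # so they cannot be told apart by port alone and fall into one bucket.
    return REFLECTION_SRC_PORTS.get(flow["sport"], "UDP flood (generic)")

def summarize(flows, target_ip):
    """Per-vector byte share and per-second spread metrics for one target IP."""
    bytes_by_vector = Counter()
    dports = defaultdict(set)   # second -> distinct destination ports
    sources = defaultdict(set)  # second -> distinct source IPs
    for f in flows:
        if f["dst"] != target_ip:
            continue
        bytes_by_vector[classify(f)] += f["bytes"]
        dports[f["ts"]].add(f["dport"])
        sources[f["ts"]].add(f["src"])
    total = sum(bytes_by_vector.values())
    share = {v: b / total for v, b in bytes_by_vector.items()} if total else {}
    return {
        "share": share,
        "peak_dports_per_s": max((len(s) for s in dports.values()), default=0),
        "peak_sources_per_s": max((len(s) for s in sources.values()), default=0),
    }

# Constructed sample: (second, source IP, destination IP, source port, dest port, bytes)
_ROWS = [
    (0, "198.51.100.1", "203.0.113.10", 40000, 1001, 9000),
    (0, "198.51.100.2", "203.0.113.10", 40001, 1002, 9000),
    (0, "198.51.100.3", "203.0.113.10", 123, 1003, 1000),
    (1, "198.51.100.1", "203.0.113.10", 17, 2001, 500),
    (1, "198.51.100.4", "203.0.113.10", 520, 2001, 500),
    (1, "198.51.100.9", "203.0.113.99", 7, 3001, 700),  # different target, ignored
]
SAMPLE = [dict(ts=t, src=s, dst=d, proto="udp", sport=sp, dport=dp, bytes=b)
          for t, s, d, sp, dp, b in _ROWS]
```

A traffic mix dominated by the generic UDP bucket, combined with a high count of distinct destination ports per second on one address, matches the pattern described for this attack.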
Geographic Distribution of Attack Sources
Among the source networks, Telefonica Brazil, Viettel Group from Vietnam, and several Chinese telecommunications operators accounted for notable shares of the attack traffic:
- Telefonica Brazil (AS27699) – 10.5% of total traffic.
- Viettel Group (AS7552) – 9.8%.
- China Unicom (AS4837) – 3.9%.
- Chunghwa Telecom (AS3462) – 2.9%.
- China Telecom (AS4134) – 2.8%.
Yoachimik also highlighted the high variability in attack sources, noting an average of 26,855 unique IP addresses per second, with a peak reaching 45,097.
Emerging Threats: RapperBot
This DDoS incident coincides with findings about a malware strain known as RapperBot. According to the QiAnXin XLab team, this botnet was reportedly behind an attack against the AI firm DeepSeek earlier, in February 2025. Recent RapperBot activity includes attempts to extort payments from victims in exchange for sparing them from future DDoS attacks.
RapperBot has primarily infected devices across numerous countries, including the United States, China, Israel, and several in Europe. The malware targets devices with weak security settings, like default passwords and outdated firmware, to gain access and issue DDoS attack commands.
The Evolving Landscape of Cybersecurity
Interestingly, cloud-based DDoS mitigation strategies are becoming increasingly crucial as the frequency and scale of attacks rise. Cloudflare’s mitigation techniques not only illustrate advancements in cybersecurity but also underscore the persistent threat that individuals and organizations face in the digital realm.
As campaigns like those driven by RapperBot escalate, the need for robust defense mechanisms is paramount. The landscape of cybersecurity is rapidly evolving, pushing companies to stay ahead of potential threats while maintaining the integrity and availability of their services.
For those involved in managing network infrastructure, understanding the nature of these attacks and employing strong security measures remains essential in preventing future vulnerabilities.