AI companies, critical infrastructure and Asia-origin botnets dominate an aggressive global DDoS landscape
Cloudflare has released its Q3 2025 DDoS Threat Report, revealing an alarming escalation in distributed denial-of-service activity, driven largely by the rise of the Aisuru botnet and the growing geopolitical and economic stakes surrounding digital infrastructure. Drawing insights from one of the world’s largest global networks, the report highlights how attackers are deploying unprecedented attack volumes while also shifting their focus toward high-visibility, high-impact industries.
At the center of this surge is Aisuru, a massive botnet with an estimated one to four million infected hosts, responsible for routinely generating attacks exceeding 1 Tbps and 1 billion packets per second. Cloudflare notes that hyper-volumetric attacks surged 54% quarter-on-quarter, underscoring a new phase of botnet sophistication. In parallel, AI companies witnessed a dramatic 347% month-on-month spike in DDoS traffic, reflecting growing public scrutiny, regulatory attention, and the heightened valuation of AI-driven services.
“DDoS activity is now tightly linked to geopolitical tensions and high-growth digital sectors.”
— Bashar Bashaireh, Area VP, Middle East, Türkiye & North Africa, Cloudflare
Geopolitical tensions, particularly EU-China trade frictions over rare earth minerals and EV tariffs, also shaped the threat environment. Industries tied to these tensions—Mining, Minerals & Metals, and Automotive—saw some of the sharpest increases in attack frequency, with the Automotive sector jumping 62 places to become the sixth most targeted globally.
Overall, Cloudflare mitigated 8.3 million DDoS attacks in Q3 alone—a 40% year-on-year rise—bringing the 2025 total to 36.2 million so far, already surpassing all of 2024 by 170%. Network-layer attacks accounted for 71% of all activity and grew nearly 90% quarter-on-quarter, driven by UDP floods, DNS abuse, and persistent Mirai-derived variants.
Asia remained the dominant source of attack traffic, led by Indonesia, while China, Turkey and Germany faced the highest attack volumes. Meanwhile, the United States climbed 11 spots, reflecting a growing focus on Western digital assets.
With the Middle East accelerating its digital transformation, the findings serve as a critical reminder that traditional, reactive defenses cannot keep pace with botnet-driven, machine-speed attacks. Cloudflare stresses the need for autonomous, real-time mitigation as the new baseline for cyber resilience.
