If your internet felt unusually slow or your favorite streaming services blinked out late last month, you weren’t imagining it. You were likely feeling the aftershocks of the largest cyberattack in history.
On January 30, 2026, Cloudflare officially confirmed that the internet narrowly escaped a catastrophic blackout. A new, hyper-volumetric botnet known as “Aisuru” (also identified as Kimwolf) launched a staggering 31.4 Terabits per second (Tbps) DDoS attack, targeting the backbone of global telecommunications.
To put this into perspective, this single attack generated traffic roughly three times the volume of the entire global internet just a decade ago—all aimed at a single target.
Here is the comprehensive report on the attack campaign security researchers are calling “The Night Before Christmas.”
The Weapon: What is the Aisuru Botnet?

The Aisuru botnet represents a terrifying evolution in cyber warfare. Unlike previous attacks that relied heavily on hijacked servers or spoofed traffic, Aisuru is a “living” weapon. It is powered by millions of compromised consumer devices—specifically Android TV boxes and cheap residential routers.
This is not a theoretical threat; it is a massive “Zombie Army” sitting in living rooms across the globe. Hackers have effectively turned these streaming devices into a global cannon, capable of firing more data than most nation-states can handle. By utilizing a proxy network of these infected devices, the attackers can mask their true location, making the traffic appear to come from legitimate residential IP addresses.
Key Characteristics of Aisuru (Kimwolf):
- Source: Compromised consumer IoT devices (Android TV boxes, residential routers).
- Method: Exploits unpatched vulnerabilities and default passwords.
- Scale: Millions of active nodes coordinating simultaneously.
Anatomy of the Attack: 31.4 Tbps Explained
The numbers associated with this DDoS (Distributed Denial of Service) attack are difficult to comprehend. On December 19, 2025, the attack peaked at 31.4 Tbps and simultaneously hit 200 million requests per second (rps).
To visualize the scale of this history-making event, consider the growth of attack volumes over the last few years:
| Year | Attack Name/Type | Peak Volume |
|---|---|---|
| 2020 | Amazon AWS Attack | 2.3 Tbps |
| 2021 | Microsoft Azure Attack | 3.47 Tbps |
| 2023 | Google Cloud HTTP | 398 Million rps |
| 2026 | Aisuru (Cloudflare) | 31.4 Tbps / 200 Million rps |

This hyper-volumetric attack was designed to saturate network cables and overwhelm the processing power of the most robust firewalls on earth.
The Vulnerability: Your Android TV Box
How did hackers amass such power? The answer lies in the device you might be using to watch Netflix or YouTube.
Cheap Android TV boxes often run on outdated versions of the Android operating system and lack essential security updates. Many of these devices ship with open “backdoors” intended for debugging, which hackers can easily exploit.

Once infected, your device becomes a “bot.” It continues to stream your movies normally, but in the background, it is sending massive amounts of malicious traffic to a target chosen by the attacker. This creates a massive proxy network that is incredibly difficult to filter because the traffic comes from real homes, not data centers.
Note: If you are using a generic Android TV box or an unpatched router, you might unknowingly be a soldier in the biggest cyberwar in history.
Targeting the Backbone: Telecoms and ISPs
The Aisuru campaign was highly targeted. The attackers did not just go after a random website; they aimed for the infrastructure of the internet itself.
- Primary Victims: Telecom companies and Internet Service Providers (ISPs). The goal was likely to knock entire regions offline by flooding the “pipes” that carry the internet to our homes.
- Collateral Damage: The attack also targeted Cloudflare’s own dashboard and infrastructure, attempting to blind the very shield protecting the victims.
By attacking the telecom infrastructure, the botnet aimed to cause cascading outages that would affect millions of users, disrupting banking, emergency services, and communication networks.
How Cloudflare Mitigated the Threat

Despite the unprecedented ferocity of the attack, the internet held up. Cloudflare, a global web infrastructure and security company, successfully mitigated the assault.
Using its automated detection and reporting systems, Cloudflare identified the malicious traffic signature of the Aisuru botnet and scrubbed it before it could take down the target networks.
However, Cloudflare has issued a stark warning: while they stopped this attack, the existence of a 31.4 Tbps weapon is a terrifying escalation. The “Aisuru” botnet is still active and growing as we move further into 2026.
Security Tips: Protect Your Devices in 2026
To ensure you are not part of the problem, follow these critical security steps immediately:
- Update Your Firmware: Check your router and Android TV box for the latest software updates.
- Change Default Passwords: Never use the default “admin/admin” username and password for your IoT devices.
- Disable Remote Access: Turn off “Remote Management” or “UPnP” on your router if you don’t use it.
- Buy from Reputable Brands: Avoid ultra-cheap, unbranded streaming devices, as they often lack security support.
- Monitor Your Network: If your internet is inexplicably slow, restart your router and check for unknown devices on your network.
Conclusion
The Cloudflare Aisuru Botnet Attack of late 2025/early 2026 serves as a wake-up call for the digital world. We are no longer facing simple vandals; we are facing automated, hyper-volumetric weapons capable of challenging the global infrastructure of the internet.
As news of this attack spreads, it is vital for consumers and corporations alike to take security seriously. The internet survived “The Night Before Christmas,” but the zombie army is still out there, waiting for its next command.
Frequently Asked Questions (FAQs)
The Aisuru botnet (also known as Kimwolf) is a massive network of compromised consumer devices, primarily Android TV boxes and routers. In late 2025, it launched the largest cyberattack in history, generating a record-breaking 31.4 Tbps of malicious traffic. Hackers use this “zombie army” to launch DDoS attacks against major targets like telecom companies.
If your Android TV box is infected, you may notice it running slower than usual, overheating, or causing your home internet connection to lag. In some cases, you might see unknown apps installed on your device. To check, look for “Remote Management” settings you didn’t enable, or use a network monitoring tool to see if the device is sending high traffic when you aren’t using it.
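An added example (not from Cloudflare or the original article) of the traffic check described above and of the "check for unknown devices" tip: it reads per-device byte counters sampled while nobody is using the devices, then flags unknown MAC addresses and sustained, upload-heavy traffic. The sample counters, MAC addresses, inventory and thresholds are constructed assumptions; real routers expose these counters in different ways.

```python
from collections import defaultdict

# Constructed sample: (unix_time, mac, tx_bytes_total, rx_bytes_total), cumulative
# per-client counters taken during an idle window. tx = sent by the device upstream.
SAMPLES = [
    (0,   "aa:bb:cc:00:00:01", 1_000_000, 50_000_000),
    (300, "aa:bb:cc:00:00:01", 1_200_000, 50_900_000),
    (600, "aa:bb:cc:00:00:01", 1_350_000, 51_500_000),
    (0,   "aa:bb:cc:00:00:02", 5_000_000, 9_000_000),
    (300, "aa:bb:cc:00:00:02", 380_000_000, 9_400_000),
    (600, "aa:bb:cc:00:00:02", 770_000_000, 9_900_000),
    (0,   "aa:bb:cc:00:00:09", 10_000, 20_000),
    (600, "aa:bb:cc:00:00:09", 40_000, 90_000),
]
# Hypothetical inventory of devices the household recognises.
KNOWN = {"aa:bb:cc:00:00:01": "laptop", "aa:bb:cc:00:00:02": "tv-box"}

def audit(samples, known, max_idle_up_bps=1_000_000, min_ratio=5.0):
    """Return {mac: [reasons]} for devices that deserve a closer look."""
    by_mac = defaultdict(list)
    for ts, mac, tx, rx in samples:
        by_mac[mac.lower()].append((ts, tx, rx))
    findings = defaultdict(list)
    for mac, rows in by_mac.items():
        if mac not in known:
            findings[mac].append("unknown device")
        rows.sort()
        for (t0, tx0, rx0), (t1, tx1, rx1) in zip(rows, rows[1:]):
            dt, up, down = t1 - t0, tx1 - tx0, rx1 - rx0
            if dt <= 0 or up < 0 or down < 0:
                continue  # counter reset (reboot) or bad clock: skip this interval
            up_bps = up * 8 / dt
            # Idle streaming boxes mostly download; sustained upload is the anomaly.
            if up_bps > max_idle_up_bps and up > min_ratio * max(down, 1):
                findings[mac].append(f"idle upload {up_bps / 1e6:.1f} Mbit/s at t={t1}")
    return dict(findings)

if __name__ == "__main__":
    for mac, reasons in audit(SAMPLES, KNOWN).items():
        print(KNOWN.get(mac, "?"), mac, "; ".join(reasons))
```

A device flagged here is a candidate for the factory reset and firmware update steps, not proof of infection; backups and cloud sync also produce upload-heavy traffic.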
The record-breaking DDoS attack reported by Cloudflare on January 30, 2026, peaked at 31.4 Terabits per second (Tbps) and hit a request rate of 200 million requests per second (rps). This volume is roughly three times larger than the entire global internet traffic from a decade ago.
Yes, in most cases, performing a factory reset on your Android TV box or router will remove the active malware. However, if the device has unpatched security vulnerabilities (common in cheap, unbranded boxes), it can be reinfected within minutes of reconnecting to the internet unless you update its firmware immediately.
Hackers target Android TV boxes because they often have powerful processors (needed for streaming 4K video) and are rarely updated by their owners. Many cheap or “jailbroken” streaming boxes also come with weak default passwords or open security ports, making them easy to hijack and add to a proxy network for launching attacks.

