Massive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 Seconds
The internet witnessed a new record in cyberattacks last month as Cloudflare blocked the largest distributed denial-of-service (DDoS) attack ever recorded.
The attack peaked at an astonishing 7.3 terabits per second (Tbps), overwhelming its target with 37.4 terabytes of data in just 45 seconds.
The attack, detected in mid-May 2025, targeted an unnamed hosting provider that relied on Cloudflare’s Magic Transit service for network defense.

The scale of the assault was unprecedented, surpassing previous records by 12% and delivering a data deluge equivalent to streaming nearly a year’s worth of high-definition video or downloading over 9,350 full-length HD movies in under a minute.
Cloudflare compared the 37.4 TB delivered in 45 seconds to downloading 9.35 million songs or snapping 12.5 million high-resolution photos in less than a minute — a volume that would keep a listener busy for 57 years or a photographer snapping daily for 4,000 years.

Attack Anatomy
The DDoS campaign was highly sophisticated, bombarding an average of 21,925 destination ports on a single IP address, peaking at 34,517 ports per second.
The attack originated from a massive botnet, with over 122,145 unique source IP addresses spanning 5,433 autonomous systems across 161 countries.
Nearly half of the attack traffic came from Brazil and Vietnam, each contributing roughly a quarter of the volume.

Other significant sources included Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia.
The largest share of traffic was traced to Telefonica Brazil (10.5%) and Viettel Group of Vietnam (9.8%), with other major telecoms from Asia and Latin America also implicated.
While the attack was multi-vector, it was dominated by UDP floods, which accounted for 99.996% of the traffic.
The remaining fraction included a combination of QOTD (Quote of the Day) reflection, Echo reflection, NTP (Network Time Protocol) reflection, Mirai UDP floods, Portmap floods, and RIPv1 amplification attacks.
These vectors exploited legacy protocols and misconfigured servers to amplify the attack, making mitigation more challenging.
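For defenders triaging traffic like this, the sketch below labels flow records by the well-known UDP source port of each reflection protocol named above and counts distinct destination ports per target, the port-spray trait described under Attack Anatomy. It is an added example, not Cloudflare's detection logic; the flow tuple layout, function names and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Well-known UDP service ports for the reflection vectors the article names.
REFLECTION_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("198.51.100.10", 40001, "203.0.113.5", 1024, "udp", 1400),
    ("198.51.100.11", 40002, "203.0.113.5", 2048, "udp", 1400),
    ("198.51.100.12", 40003, "203.0.113.5", 3072, "udp", 1400),
    ("198.51.100.13", 123, "203.0.113.5", 4096, "udp", 468),
    ("198.51.100.14", 17, "203.0.113.5", 5120, "udp", 200),
    ("198.51.100.15", 520, "203.0.113.5", 6144, "udp", 504),
    ("192.0.2.20", 51000, "203.0.113.9", 443, "tcp", 900),
    ("192.0.2.20", 51001, "203.0.113.9", 443, "tcp", 900),
]

def classify(flow):
    """Triage label from protocol and source port; a hint, not proof of abuse.
    Assumes the flows were already flagged as suspected attack traffic."""
    _, src_port, _, _, proto, _ = flow
    if proto != "udp":
        return "non-UDP"
    service = REFLECTION_PORTS.get(src_port)
    return f"{service} reflection" if service else "UDP flood"

def summarize(flows):
    """Return bytes per vector, distinct destination ports per target, source count."""
    bytes_by_vector = Counter()
    ports_by_target = defaultdict(set)
    sources = set()
    for flow in flows:
        src_ip, _, dst_ip, dst_port, _, size = flow
        bytes_by_vector[classify(flow)] += size
        ports_by_target[dst_ip].add(dst_port)
        sources.add(src_ip)
    port_counts = {ip: len(p) for ip, p in ports_by_target.items()}
    return dict(bytes_by_vector), port_counts, len(sources)

def port_spray_targets(flows, min_ports):
    """Targets hit on at least min_ports distinct destination ports."""
    _, port_counts, _ = summarize(flows)
    return sorted(ip for ip, n in port_counts.items() if n >= min_ports)

if __name__ == "__main__":
    vectors, port_counts, n_sources = summarize(SAMPLE_FLOWS)
    print(vectors, port_counts, n_sources, port_spray_targets(SAMPLE_FLOWS, 5))
```

A source port of 123 or 520 also appears in legitimate replies, so these labels are a starting point for rate and volume checks rather than a drop rule on their own.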
By routing malicious traffic to the nearest of its 477 data centers in 293 locations worldwide, Cloudflare was able to absorb and neutralize the attack close to its sources, minimizing disruption for legitimate users.
The company’s autonomous DDoS mitigation system, powered by real-time fingerprinting and advanced heuristics, quickly identified attack patterns and dropped malicious packets while allowing legitimate traffic to flow uninterrupted.
This record-breaking attack underscores the increasing scale and sophistication of DDoS threats facing critical internet infrastructure.
As attackers harness larger botnets and exploit outdated protocols, robust, automated defenses and global visibility are more essential than ever for organizations seeking to safeguard their networks.