Concise Cyber

Microsoft Mitigates Record 3.47 Tbps DDoS Attack on Azure Powered by Aisuru Botnet

Microsoft successfully mitigated the largest Distributed Denial-of-Service (DDoS) attack ever reported, which targeted one of its Azure cloud customers in Asia. The attack reached a peak traffic volume of 3.47 terabits per second (Tbps) and a packet rate of 340 million packets per second (pps).

The entire attack campaign lasted for more than 15 minutes and was composed of short-lived bursts of high-volume traffic. Azure’s DDoS protection platform was able to detect and mitigate the threat, safeguarding the targeted infrastructure.

Attack Vector and Global Distribution

The record-setting attack was launched from approximately 10,000 sources distributed across multiple countries. Key locations included the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Brazil. The attack vector employed was a User Datagram Protocol (UDP) reflection on port 3389, which corresponds to the Remote Desktop Protocol (RDP). This method involves sending small queries to a reflective service with the source address spoofed to the target's IP address, so that the service directs a much larger response to the target.
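From the defender's side, the pattern described above shows up in flow logs as many distinct senders replying from UDP port 3389 to a host that never sent them a request. The following detection sketch is an added example, not code from Microsoft or from this article; the flow-record fields, thresholds, window size, and sample addresses are all assumptions.

```python
from collections import defaultdict

REFLECT_PORT = 3389     # UDP port named in the article
WINDOW_S = 10           # assumed bucket size, short enough to catch brief bursts
MIN_SOURCES = 100       # assumed threshold: distinct unsolicited senders per window
MIN_BYTES = 1_000_000   # assumed threshold: bytes received per window

def detect_reflection(flows):
    """Return alerts for hosts receiving unsolicited UDP replies from port 3389."""
    solicited = set()   # (client, server) pairs where the client sent a request first
    buckets = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for f in sorted(flows, key=lambda f: f["ts"]):
        if f["proto"] != "udp":
            continue
        if f["dport"] == REFLECT_PORT:
            solicited.add((f["src"], f["dst"]))
        elif f["sport"] == REFLECT_PORT and (f["dst"], f["src"]) not in solicited:
            key = (f["dst"], int(f["ts"] // WINDOW_S) * WINDOW_S)
            buckets[key]["sources"].add(f["src"])
            buckets[key]["bytes"] += f["bytes"]
    return [
        {"dst": dst, "window_start": start, "sources": len(b["sources"]), "bytes": b["bytes"]}
        for (dst, start), b in sorted(buckets.items())
        if len(b["sources"]) >= MIN_SOURCES and b["bytes"] >= MIN_BYTES
    ]

def flow(ts, proto, src, sport, dst, dport, nbytes):
    return {"ts": ts, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "bytes": nbytes}

def sample_flows():
    """Constructed flow records (not captured traffic)."""
    victim, client, server = "203.0.113.10", "203.0.113.20", "198.51.100.5"
    flows = [
        # Legitimate RDP over UDP: request first, so the large reply is solicited.
        flow(50, "udp", client, 51000, server, 3389, 1200),
        flow(51, "udp", server, 3389, client, 51000, 5_000_000),
        # RDP over TCP to the victim is not part of the UDP pattern.
        flow(101, "tcp", "198.51.100.9", 3389, victim, 52000, 2_000_000),
    ]
    # Burst: 300 distinct senders reply from UDP/3389 to a host that asked nothing.
    for i in range(300):
        src = f"198.18.{i // 250}.{i % 250}"
        flows.append(flow(100 + (i % 10) * 0.5, "udp", src, 3389, victim, 40000 + i, 4000))
    return flows

if __name__ == "__main__":
    for alert in detect_reflection(sample_flows()):
        print(alert)
```

The solicited-pair check is what keeps an ordinary RDP session, where the client speaks first, from being counted toward the alert.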

Attribution to the Aisuru Botnet

Microsoft attributed the massive DDoS attack to the Aisuru botnet, which is described as a new and powerful botnet considered an evolution of the Mirai malware. Security researchers believe Aisuru is controlled by a threat actor known as ‘Zhadnost’. This actor has been linked to pro-Russian hacktivist groups, including Killnet, and has previously claimed responsibility for attacks against Ukrainian websites and organizations supporting Ukraine.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forum in our own words with no intention to plagiarise or copy other person’s work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections, concerns or point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
