Record-Breaking DDoS Attack Hits Hosting Provider; Cloudflare Mitigates 37.4TB Traffic Surge

In an incredible show of cyber defence, web security firm Cloudflare indicated on Thursday that it successfully blocked the largest DDoS (Distributed Denial-of-Service) attack ever recorded, which peaked at a massive 7.3 terabits per second (Tbps).The huge attack, noticed in mid-May 2025, targeted a unnamed hosting provider and lasted only 45 seconds—but in that time, it transmitted 37.4 terabytes of malicious traffic. 

DDoS attacks work by flooding a network or server with traffic, making it unreachable.In recent years, hosting providers and essential internet infrastructure have been more frequent targets of such attacks. According to Cloudflare's Omer Yoachimik, the recent attack is part of a larger and more dangerous pattern. 

The complexity and scope of this incident raise concerns.The attack flooded over 21,000 ports on a single IP address, peaking at 34,517 ports per second. It was a multi-vector assault that used a variety of DDoS strategies, including UDP floods (cyber-attacks that overwhelm a server with fake data to make it crash or go offline), QOTD and echo reflection attacks (this attacks trick servers into bouncing back data repeatedly, flooding the target with traffic), NTP reflection (type of attack where hackers misuse time servers to send large amounts of data to a target), portmap flood (an attack that sends massive fake requests to a server’s network service to overload and shut it down), and RIPv1 amplification (cyberattack that misuses an old network protocol to multiply and redirect traffic toward a victim). The UDP flood alone accounted for a massive 99.996% of the traffic. 

Cloudflare also disclosed that the attack was worldwide in scale, with traffic coming from more than 122,000 IP addresses in 161 countries and 5,433 different networks. Telefonica Brazil contributed the highest traffic (10.5%), followed by Viettel Group (9.8%) and large Chinese telecoms such as China Unicom and China Telecom. 

This is not the first significant attack that Cloudflare prevented this year. Previously in January, the company halted a 5.6 Tbps attack linked back to a Mirai-variant botnet, and in April, they defeated a 6.5 Tbps DDoS suspected to be the work of a botnet named Eleven11bot, which employs thousands of hijacked webcams and DVRs. 

Meanwhile, another botnet, RapperBot, which has been active since 2022, continues to cause trouble. According to Chinese cybersecurity firm QiAnXin, RapperBot was responsible for a February 2025 attack on AI startup DeepSeek. Uniquely, this malware is now attempting to extort victims by demanding protection money in exchange for not initiating DDoS attacks. 

RapperBot primarily targets routers, storage devices, and video recorders that have weak security, obtaining access via default passwords or software weaknesses. It communicates via DNS TXT records encrypted with custom algorithms, making it difficult to discover and block. Since March 2025, the botnet has launched attacks on over 100 targets every day, utilising more than 50,000 hacked devices. 

These instances illustrate the increasing danger of DDoS attacks and the critical need for improved cybersecurity measures.As threats evolve and botnets get more sophisticated, staying protected and updated becomes increasingly vital for both organisations and people.

Information referenced in this article is from The Hacker News