> it suddenly ballooned in size in April 2025 after its operators breached a TotoLink router firmware update server and infected approximately 100,000 devices
This is scary. Everyone lauds open source projects like OpenWRT but... who is watching their servers?
I imagine you can't run an army of security people on donations and a shoestring budget. Does OpenWRT use digital signing to mitigate this?
I will never understand why there isn’t an international law enforcement agency with teeth, which can get rid of the bad actors.
A DDoS attack is often used to distract a company's security team. While the security staff is scrambling to get the website back online, the attackers use the chaos to conduct a more serious, stealthy attack.
Funny enough, just got an error trying to reach the blog
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
> This attack lasted only 40 seconds but was roughly equivalent to streaming one million 4K videos simultaneously.
Who is this for? Is there anyone reading the article that can't grasp what a terabit is but can somehow conceptualise one million 4k videos streaming simultaneously? I don't think anyone sits in that Venn diagram.
IoT is just wave after wave of unsecure devices. There's gotta be a better way.
Cui bono?
There is a big (opportunity) cost to this kind of thing. How is this worthwhile for anyone? I assume that it's not just a competitor. Is it really worth <insert evil country>'s time to temporarily upset one of three big cloud providers? Is there a ransom behind the scenes?
> it targeted a single endpoint in Australia.
It would really help to understand why attack one endpoint with "the largest DDoS attack ever observed in the cloud". If it was important, it would be redundant in its CDN. Who paid for this attack and what did they gain?
I feel like posting the traffic output of the network might not be a great idea because they might do these attacks on purpose to market their network's capability.
I don’t mean to cast any doubt, but are those short articles the standard, or why was there almost no data provided?
Imagine how much of that traffic was just the bots following the endless redirects.
Related. Others?
Cloudflare scrubs Aisuru botnet from top domains list - https://news.ycombinator.com/item?id=45857836 - Nov 2025 (34 comments)
Aisuru botnet shifts from DDoS to residential proxies - https://news.ycombinator.com/item?id=45741357 - Oct 2025 (59 comments)
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS - https://news.ycombinator.com/item?id=45574393 - Oct 2025 (142 comments)