In early September 2025, Cloudflare reportedly mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, which peaked at an unprecedented 11.5 terabits per second (Tbps).
Signifying the accelerating scale and sophistication of cyberattacks today, this massive DDoS attack lasted just 35 seconds but generated a staggering 5.1 billion packets per second. What makes this attack particularly concerning is that it used legitimate cloud infrastructure as a major attack vector.
In this case, Google Cloud was the passage. “The 11.5 Tbps attack was a UDP flood that mainly came from Google Cloud,” the company said in a post on X.
The 11.5 Tbps attack was primarily a UDP flood, a type of volumetric DDoS attack designed to overwhelm servers by exploiting the connectionless User Datagram Protocol (UDP). Attackers fire immense amounts of UDP packets at random ports, forcing targeted servers to waste resources responding with error messages. And at this stage, it can clog networks and knock services offline.
Although Google Cloud infrastructure initially appeared to be a major source, Cloudflare later clarified that the attack drew from multiple cloud providers and globally distributed IoT (Internet of Things) devices. This multi-vector approach allowed the attackers to amplify traffic and complicate attribution.
Cloud platforms, with their vast bandwidth and flexible compute resources, have unintentionally become a favored tool for attackers. The pay-as-you-go model allows bad actors to launch powerful attacks remotely by renting or hijacking cloud resources.
Cloudflare’s fast response to the attack highlights the importance of autonomous mitigation systems. Their global anycast network, spanning 477 data centers in 293 locations worldwide, quickly distributed and absorbed the attack traffic, preventing any single node from becoming overwhelmed.
Each data center runs an independent heuristic engine, nicknamed “dosd,” which detects anomalies by analyzing incoming packets for malicious signatures. This system can respond automatically in near real-time without the need for human intervention, applying targeted rate limits and blocking harmful packets within seconds.
Also reflecting how quickly DDoS threats are escalating, the attack surpassed the previous record of 7.3 Tbps mitigated by Cloudflare in June 2025 by nearly 60%.
