Cloudflare, an internet infrastructure company, has announced that it recently mitigated the largest distributed denial-of-service (DDoS) attack ever recorded, which reached an unprecedented peak of 11.5 terabits per second (Tbps). This comes just a few months after the company reported another record-breaking attack in June 2025.
In a volumetric DDoS attack, the target is overwhelmed with an enormous volume of data, which consumes bandwidth and exhausts system resources, making it impossible for legitimate users to access the services and servers they are trying to reach.
The company shared a brief update about the attack on Tuesday, September 2, 2025, in a tweet: “Cloudflare’s defenses have been working overtime. Over the past few weeks, we’ve autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the largest reaching peaks of 5.1 Bpps and 11.5 Tbps.”
The 11.5 Tbps UDP flood attack lasted approximately 35 seconds. Cloudflare initially stated that the attack primarily originated from Google Cloud, but later issued a correction. In a subsequent statement, the company said the “attack in fact came from a combination of several IoT and cloud providers.”
A Google Cloud spokesperson corroborated this, telling BleepingComputer: “Our abuse defenses detected the attack, and we followed proper protocol in customer notification and response. Initial reports suggesting that the majority of traffic came from Google Cloud are not accurate.”
This latest record-breaking attack highlights a rapidly escalating trend. It follows a 7.3 Tbps DDoS attack that Cloudflare mitigated in June 2025, which itself was a new record at the time. The previous high was a 3.8 Tbps attack, which Cloudflare blocked in October 2024. Other significant attacks have also been noted in recent years, including a 3.47 Tbps volumetric DDoS attack that Microsoft mitigated in January 2022 against an Azure customer. Microsoft was also targeted in another large-scale DDoS attack in July 2024, which disrupted multiple Microsoft 365 and Azure services worldwide.
The significant increase in attack volume and frequency is also reflected in Cloudflare’s Q1 2025 DDoS Report, released in April. The report revealed that the company mitigated a record number of DDoS attacks in 2024, with a 198% quarter-over-quarter increase and a massive 358% year-over-year jump.
The report specified that Cloudflare mitigated a total of 21.3 million DDoS attacks that targeted its customers last year, as well as its own infrastructure in 6.6 million attacks over an 18-day multi-vector campaign.
“Of the 20.5 million DDoS attacks, 16.8M were network-layer DDoS attacks, and of those 6.6M targeted Cloudflare’s network infrastructure directly,” Cloudflare stated at the time. “These attacks were part of an 18 day multi-vector DDoS campaign comprising SYN flood attacks, Mirai-generated DDoS attacks, SSDP amplification attacks to name a few.”
Network-layer attacks have seen the most significant increase since the beginning of 2025, reaching a 509% year-over-year increase.
