Cloudflare stops massive 11.5 Tbps DDoS attack, breaking previous records

Cloudflare said it successfully mitigated the largest recorded volumetric distributed denial-of-service (DDoS) attack to date, which peaked at 11.5 terabits per second.

The internet infrastructure company disclosed the incident Tuesday, noting that its defenses had automatically blocked hundreds of hyper-volumetric attacks in recent weeks. The largest of these, a 35-second UDP flood, reached 11.5 Tbps and originated primarily from Google Cloud, according to Cloudflare.

Volumetric DDoS attacks attempt to overwhelm a target with massive data traffic, consuming bandwidth and exhausting system resources until legitimate users are unable to access services.

This marks the second time in two months that Cloudflare has set a new record for DDoS mitigation. In June, it announced that it had stopped a 7.3 Tbps attack against an unnamed hosting provider. The previous record stood at 3.8 Tbps, an incident the company mitigated in October 2024.

Rival tech companies have also faced large-scale assaults. Microsoft reported mitigating a 3.47 Tbps DDoS attack on its Azure cloud platform in January 2022, and in July 2024, another wave of attacks disrupted Microsoft 365 and Azure services worldwide.

Cloudflare has documented a sharp increase in such activity. In its first-quarter 2025 DDoS Report, the company revealed that it blocked 21.3 million DDoS attacks against its customers in 2024, in addition to 6.6 million attacks against its own network. The report highlighted a 358 percent year-over-year increase in overall attacks and a 509 percent surge in network-layer incidents.