KrebsOnSecurity targeted in one of the largest DDoS attacks ever recorded

KrebsOnSecurity, the widely followed cybersecurity blog run by journalist Brian Krebs, was recently the target of a near-record-breaking distributed denial of service (DDoS) attack that briefly surged to an unprecedented 6.3 terabits per second, according to a statement from Google and the blog’s author.

The massive attack, which occurred on May 12 and lasted approximately 45 seconds, was detected and mitigated by Google’s Project Shield—a free security initiative designed to protect independent media, human rights organizations, and election-monitoring groups from cyber threats. Despite the scale of the assault, there was no visible disruption to the blog.

“Google Security Engineer Damian Menscher told KrebsOnSecurity the May 12 attack was the largest Google has ever handled,” Krebs wrote in a post detailing the incident. The attack, while brief, underscores the evolving and intensifying nature of DDoS threats in the modern threat landscape.

The source of the attack has been linked to the Aisuru botnet, a rapidly growing and highly capable network of compromised Internet of Things (IoT) devices, including routers and DVRs. First emerging in 2024, Aisuru has since expanded its reach and is known for offering DDoS-for-hire services through platforms like Telegram for a few hundred dollars per week.

Security researchers believe the incident may have been a test run for the botnet’s capabilities. The volume of traffic—approximately 585 million UDP packets per second targeting random ports—places it among the most aggressive attacks ever observed. Cloudflare previously coined the term “hyper-volumetric” to describe attacks exceeding 1 Tbps, which are capable of saturating entire networks with traffic in a matter of seconds.

The largest DDoS attack on record remains a 6.5 Tbps strike mitigated by Cloudflare in April 2025. In the first quarter of 2025 alone, Cloudflare reported blocking over 700 hyper-volumetric attacks, a dramatic escalation compared to the previous year.

Krebs, known for his investigative reporting on cybercrime, reached out to the individual believed to be operating the Aisuru botnet. The alleged operator, known online as "Forky," has a documented history of running DDoS-for-hire operations but denied any involvement in this incident and refused to disclose the client behind the attack.