Cloudflare Repelled a Record DDoS Attack of 11.5 Tbit/s

On September 1, 2025, Cloudflare reported that it had stopped the most powerful UDP flood DDoS attack in history, aimed at exhausting system resources. In just 35 seconds, the attackers flooded the company with traffic at 11.5 Tbit/s and a rate of 5.1 billion packets per second, using a combination of IoT devices and cloud providers.
Scale of the attack
In recent weeks, Cloudflare has recorded hundreds of hyper-volumetric attacks, but this one set a record. This is not the company’s first record: in just the first half of 2025, it blocked 27.8 million DDoS attacks, more than during the whole of 2024. In May, the company repelled another powerful cyberattack of 7.3 Tbit/s, which lasted 45 seconds and originated from more than 122,000 IP addresses.
Initially, Google Cloud was named as the main source, but it was later clarified that this was only one of many platforms involved in the large-scale attack infrastructure. Google stated that most of the traffic did not come from their servers, and their own systems detected and blocked the abuse in accordance with protocol.
How does a UDP flood work?
A UDP flood is one of the most common types of DDoS attacks, where the target is literally “flooded” with massive volumes of traffic. The server or network equipment cannot cope with the packet flow, which leads to delays, data loss, and even complete service shutdowns.
Botnets made up of infected IoT devices, cameras, routers, DVRs, are often used for such attacks. Each device generates a small stream, but together they form a real traffic “tsunami.”
However, the danger of a UDP flood is not only in service outages. Such attacks can also be used as a “smokescreen.” While the company struggles with overload, hackers may carry out more complex scenarios: data theft, account breaches, financial fraud, or other types of cybercrime.
Conclusion
Cloudflare has once again proven that it can withstand even record-breaking cyberattacks. But the rapid growth of DDoS campaigns shows that the threat is intensifying, and organizations should take the protection of their digital infrastructure very seriously.