Microsoft Azure Targeted by Aisuru Botnet with 500,000 IP Addresses

A DDoS (Distributed Denial of Service) is a powerful cyberattack against websites and online services. When successful, a DDoS can bring down any website or online service by overwhelming the target with massive data requests. Government websites, important institutions, and popular apps are often the target of this type of cyberattack.

As the internet evolves, the target of attack and its scale have also increased. According to Bleeping Computer, a massive DDoS attempt was conducted against Microsoft Azure.

For the unfamiliar, Azure is Microsoft’s cloud computing arm servicing some of the largest companies, public and private institutions, as well as governments around the world. Because of its scalability, Azure is also one of the options for small businesses looking to take their business process to the cloud. According to Visual Capitalist, Azure holds a 20% market share in the global cloud computing market. It lags behind Amazon Web Services (30%), with Google Cloud trailing behind at 13%.

Taking down Azure with DDoS could mean that some important websites and online services could go offline. Important transactions could be suspended and could be life-threatening in some cases if the attack is successful.

No Laughing Matter

The DDoS attack against Azure is also one of the largest in terms of scale. According to Microsoft’s blog on the attack, Azure was the target of a “multi-vector DDoS attack measuring 15.72 tbps and nearly 3.64 billion packets per second (pps). This was the largest DDoS attack ever observed in the cloud, and it targeted a single endpoint in Australia.”

For context, Cloudflare also reported a “record-breaking” DDoS attempt of “5.6 Terabit per second (Tbps) DDoS attack.” The attack was detected and blocked in Halloween 2024, and the volume nearly tripled in just one year. Aisuru was also part of the  “Top Domain” website scheme in Cloudflare, intending to be more popular than already established websites and possibly spreading malware.

Microsoft Azure and Cloudflare successfully blocked these large-scale DDoS attacks. However, the scale of these attacks will only grow bigger, posing even more challenges to these types of online services. Smaller websites are also vulnerable to large-scale DDoS attacks, especially if the website does not have sufficient security measures.

Flooding a Single IP Address

Azure’s recent DDoS attack is incredibly targeted because it focused on a single IP address in Australia using the Aisuru Botnet. According to NetScout, “Aisuru is one of multiple 'TurboMirai' DDoS-capable IoT botnets enhanced to substantially increase attack traffic generated per botnet node.”

The danger of Aisuru is not only in its role as a DDoS tool. The tool acquires its DDoS capability in compromised IoT and other network devices around the world. In the latest attack on Azure, Aisuru utilized 500,000 IP addresses. It took advantage of firmware vulnerabilities on routers and flawed security patches inherent in other IoT devices.

It should be noted as well that Aisuru Botnet is not just a cyberattack randomly trying to hack into unsuspecting targets. It also works as “DDoS-for-hire” as it works with other nefarious agents trying to take down online services for various reasons.