Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks.
The attacks peaked at 71 million requests-per-second (rps), but the majority were around 50-70m. The incident was the largest reported HTTP DDoS attack on record, beating the June 2022 record of 46m rps.
The attacks on Cloudflare-protected websites were HTTP/2-based, and originated from over 30,000 IP addresses.
Cloudflare did not disclose the targets of the attack, but said that it included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms.
The attacks came from numerous cloud providers, with Cloudflare working with them to kill the botnet. Google security reliability engineer Damian Menscher said that Google Cloud was among those providers. "Thanks Cloudflare for your partnership in getting the infrastructure dismantled," he said.
Cloudflare does not believe that the incident is related to a recent spate of attacks on healthcare websites, or the US Super Bowl.