The victims were entities within the financial services, internet, and telecommunications sectors. Volumetric attacks reached an unprecedented peak of 3.8 terabits per second, marking the largest publicly recorded attack to date.

 The onslaught comprised a "month-long" deluge of over 100 hyper-volumetric DDoS attacks, inundating network infrastructure with garbage data.

A significant number of these attacks, directed at the target's network infrastructure (network and transport layers L3/4), surpassed two billion packets per second (pps) and three terabits per second (Tbps).

Researchers at the internet infrastructure firm Cloudflare reported that the compromised devices were globally dispersed, with a notable concentration in Russia, Vietnam, the United States, Brazil, and Spain.

The perpetrators behind this campaign exploited various compromised devices, including many Asus home routers, Mikrotik systems, DVRs, and web servers. Cloudflare autonomously mitigated all the DDoS attacks, noting that the one peaking at 3.8 Tbps endured for 65 seconds.

The researchers say that the network of malicious devices used mainly the User Datagram Protocol (UDP) on a fixed port, a protocol with fast data transfers but which does not require establishing a formal connection.

Previously, Microsoft held the record for defending against the largest volumetric DDoS attack of 3.47 Tbps, which targeted an Azure customer in Asia.