Steam, Epic, Riot Games Hit by Massive DDoS Attack: Aisuru Botnet Sets Record at 29.69 Tbps

On October 7, 2025, major gaming platforms including Steam, Epic Games Store, and Riot Games were simultaneously hit by DDoS attacks peaking at a record-breaking 29.69 Tbps. The Aisuru botnet, which controlled 300,000 devices, used TCP carpet bomb attacks that simulate legitimate traffic.


Gaming’s Black Monday

October 7, 2025, marked an unprecedented service outage for gamers worldwide. Steam, Epic Games Store, Riot Games, and other major gaming platforms simultaneously crashed, leaving millions of players unable to access their games.

Attack timeline:

  • 8:00 AM UTC: First wave of attacks detected
  • 12:28 PM ET: Second, more intense wave strikes
  • Several hours: Multiple platforms experience intermittent service

This wasn’t an ordinary server failure—it was a carefully orchestrated massive Distributed Denial of Service (DDoS) attack.

The Aisuru Botnet: A New Generation Threat

Record-Breaking Attack Scale

The attack peaked at an astonishing 29.69 terabits per second (Tbps), setting a new DDoS attack traffic record.

How massive is this number?

  • Capable of transmitting approximately 3,700 GB of data in 1 second
  • Equivalent to simultaneously downloading 7,400 HD movies
  • Surpasses the vast majority of previously known DDoS attacks

300,000 Compromised Devices

The Aisuru botnet, first discovered in August 2024, has now infected over 300,000 devices:

  • Routers: Home and commercial network equipment
  • Surveillance cameras: IP cameras and security monitoring devices
  • DVRs: Digital video recorders
  • IoT gateways: Smart home hub devices

These devices typically have weak security, making them perfect targets for botnets. Once infected, devices are remotely controlled, becoming “zombies” for attacking other targets.

TCP Carpet Bomb Attack

Aisuru employs a “TCP carpet bomb” attack method:

  • Simulates legitimate traffic: Attack packets appear as valid connection requests
  • Difficult to identify: Traditional firewalls struggle to distinguish real from fake traffic
  • Hard to block: Cannot simply block specific IPs or traffic patterns
  • Sustained pressure: Continuously drains target server resources

This attack method is more covert and effective than traditional DDoS, making it extremely challenging for defenders.

Affected Gaming Platforms and Services

Steam: World’s Largest Gaming Platform Paralyzed

Steam, the world’s largest PC gaming platform, suffered severe impact:

  • Login failures: Players unable to connect to Steam client
  • Game interruptions: Ongoing online games disconnected
  • Store outages: Unable to browse or purchase games
  • Community features down: Friend lists and chat rooms unavailable

Counter-Strike 2 and Dota 2 were particularly affected, with large numbers of players reporting server connectivity issues.

Riot Games: Ranked Matches Disabled

Riot Games’ Valorant and League of Legends were also affected:

  • Server instability: Frequent disconnections and high latency
  • Ranked disabled: Officials disabled ranked mode as an emergency measure
  • Match interruptions: Ongoing battles suddenly disconnected

Riot issued official statements on community platforms, indicating they were investigating the issue and temporarily closing ranked matches to protect player ratings.

Epic Games Store and Other Platforms

Epic Games Store also experienced service interruptions, with players unable to:

  • Launch Epic Games Launcher
  • Download or update games
  • Access accounts and purchase history

Additionally, the attack affected:

  • PlayStation Network: Some users reported connectivity issues
  • Hulu: Streaming service briefly interrupted
  • ISPs: Xfinity, Cox, and other internet service providers impacted

AWS and Cloudflare Also Hit

The attack’s impact extended beyond the gaming industry:

  • Amazon Web Services (AWS): Cloud services experienced anomalies
  • Cloudflare: CDN and DDoS protection services under pressure

This demonstrates attackers targeted not just gaming platforms, but the entire internet infrastructure.

Attacker Identity and Motivations

Ideologically Driven Attackers

Security researchers describe the Aisuru botnet operators as “sophisticated and ideologically driven” attackers.

This means:

  • Not purely profit-driven: Likely not for ransom or money
  • Highly organized: Possessing advanced technical capabilities and resources
  • Targeted objectives: Launching attacks on specific targets at specific times

Possible Attack Motivations

Analysts speculate possible motivations include:

  1. Capability demonstration: Proving the botnet’s destructive power
  2. Political messaging: Expressing political or social stance
  3. Competitor rivalry: Gaming industry internal competition
  4. Pure disruption: Hacktivism
  5. Defense testing: Preparing for larger-scale attacks

No organization or individual has claimed responsibility yet.

Why Is Defense So Difficult?

Fundamental DDoS Challenges

Even resource-rich major platforms struggle against attacks of this scale:

Traffic overload

  • 300,000 devices simultaneously sending requests
  • Even if each device’s traffic is small, it accumulates into a tsunami
  • Exceeds any single server or data center’s processing capacity

Indistinguishable traffic

  • TCP carpet bombs simulate normal user behavior
  • Cannot simply block “suspicious” traffic
  • May accidentally block legitimate user connections

Distributed attacks

  • Attack sources spread globally
  • Blocking single IPs or regions ineffective
  • Requires filtering at network edge

Limitations of Existing Defenses

Even Cloudflare, a professional DDoS protection service, faces tremendous pressure against 29.69 Tbps attacks.

Traditional defense measures include:

  • Traffic scrubbing: Filters malicious traffic, but limited processing capacity
  • Blackhole routing: Drops suspicious traffic, but may affect normal users
  • CDN distribution: Disperses traffic to multiple nodes, but costly
  • Rate limiting: Limits single IP request frequency, but limited effect on distributed attacks

When attack scale reaches dozens of Tbps, any defense becomes challenging.
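
The trade-off behind the rate-limiting bullet above, as an added example that is not part of the original article: a per-source cap is replayed over one constructed second of new connections, alongside an aggregate check. The bot count, per-bot rate, NAT gateway, baseline and all addresses are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

BOT_BASE = int(ipaddress.IPv4Address("10.0.0.0"))    # constructed bot sources
USER_BASE = int(ipaddress.IPv4Address("192.0.2.0"))  # constructed player sources

def make_window(n_bots, conns_per_bot, user_conns):
    """Constructed sample: [(src_ip, is_attack)] for one second of new TCP connections."""
    events = []
    for i in range(n_bots):
        events += [(str(ipaddress.IPv4Address(BOT_BASE + i)), True)] * conns_per_bot
    for i, n in enumerate(user_conns):
        events += [(str(ipaddress.IPv4Address(USER_BASE + i)), False)] * n
    return events

def per_ip_limit(events, limit):
    """Apply a per-source cap; return (attack connections passed, legitimate dropped)."""
    seen = Counter()
    attack_passed = legit_dropped = 0
    for src, is_attack in events:
        seen[src] += 1
        over = seen[src] > limit
        if is_attack and not over:
            attack_passed += 1
        elif not is_attack and over:
            legit_dropped += 1
    return attack_passed, legit_dropped

def aggregate_alarm(events, baseline_cps, factor=4):
    """Alarm on total new connections per second instead of any single source's rate."""
    total = len(events)
    sources = len({src for src, _ in events})
    return total > factor * baseline_cps, total, sources

def demo():
    # 5,000 bots at 3 conn/s each; 200 players at 1 conn/s; one shared NAT at 40 conn/s.
    users = [1] * 200 + [40]
    window = make_window(5000, 3, users)
    # Tightening the cap hurts the NAT'd players before it touches the bots.
    results = {limit: per_ip_limit(window, limit) for limit in (20, 5, 2)}
    alarm, total, sources = aggregate_alarm(window, baseline_cps=240)
    return results, alarm, total, sources

if __name__ == "__main__":
    results, alarm, total, sources = demo()
    for limit, (passed, dropped) in results.items():
        print(f"limit={limit:>2}/s attack_passed={passed} legit_dropped={dropped}")
    print(f"aggregate alarm={alarm} total={total} sources={sources}")
```

At the two looser caps every attack connection passes while the shared gateway's players are already being dropped; only the aggregate view registers the surge.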

Industry Response and Future Impact

Platform Emergency Response

Major platforms took measures during attacks:

Steam

  • Activated emergency traffic scrubbing procedures
  • Expanded server bandwidth
  • Collaborated with ISPs to track attack sources

Riot Games

  • Suspended ranked matches to protect player ratings
  • Issued official announcements to reassure community
  • Enhanced monitoring and alert systems

Epic Games

  • Collaborated with AWS to respond to attacks
  • Assessed infrastructure defense capabilities
  • Considered increasing DDoS protection budget

Player Reactions and Losses

For millions of players, this attack caused:

  • Lost gaming time: Unable to play normally for several hours
  • Ranked rating impacts: Some players lost matches before disconnections
  • Match postponements: Esports events potentially affected
  • Decreased trust: Doubts about platform stability

While most platforms didn’t lose money, user experience and brand image suffered.

Long-term Industry Impact

This incident may bring changes:

  1. Increased infrastructure investment: Platforms will invest more resources in defense strengthening
  2. Rising third-party protection demand: More enterprises adopting professional DDoS protection services
  3. IoT security attention: Consumers and regulators prioritizing IoT device security
  4. Strengthened international cooperation: Cross-border tracking and combating botnets

IoT Device Security Crisis

Forgotten Security Vulnerabilities

The Aisuru botnet’s success exposes serious IoT ecosystem problems:

Weak device protection

  • Factory default passwords unchanged
  • Firmware not updated long-term
  • Lacking basic firewall protection

Insufficient user security awareness

  • Unaware devices can be compromised
  • Unclear how to check and protect
  • Devices connected for years without management

Manufacturer responsibility deficit

  • Lacking security updates after product sale
  • Not providing simple security setup guides
  • Low-price competition sacrificing security

300,000 Devices Just the Tip of the Iceberg

Security experts warn that the 300,000 devices Aisuru has infected may be just a small fraction of the global problem:

  • Globally there are billions of IoT devices
  • Massive numbers of devices have known vulnerabilities
  • Botnets continuously expanding
  • Next attack may be even larger

User Protection Guide

Check Home IoT Devices

If you’re concerned your devices are compromised, take these steps:

  1. Change default passwords: Set strong passwords for routers, cameras, etc.
  2. Update firmware: Regularly check devices for security updates
  3. Disable unnecessary remote access: Limit device external connections
  4. Use separate networks: Place IoT devices on separate Wi-Fi network
  5. Monitor abnormal traffic: Use router monitoring tools to observe unknown traffic
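
One way to carry out step 5, as an added example that is not from the original article: it reads connection-tracking lines in the style of `conntrack -L` on a Linux-based router and flags LAN devices with many unanswered outbound TCP connection attempts. The sample lines, the addresses and the threshold of 25 are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches TCP entries; UDP entries carry no state field and are skipped here.
LINE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?P<state>[A-Z_]+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)"
)

def constructed_sample():
    """Constructed lines in the style of `conntrack -L` (not captured from a real router)."""
    lines = []
    # An IP camera with 60 unanswered SYNs to 60 different outside hosts.
    for i in range(60):
        dst, sport = f"203.0.113.{i + 1}", 40000 + i
        lines.append(
            f"tcp      6 110 SYN_SENT src=192.168.1.23 dst={dst} sport={sport} "
            f"dport=443 [UNREPLIED] src={dst} dst=192.168.1.23 sport=443 "
            f"dport={sport} mark=0 use=1"
        )
    # A laptop with three ordinary established sessions.
    for i in range(3):
        dst, sport = f"198.51.100.{i + 1}", 50000 + i
        lines.append(
            f"tcp      6 431990 ESTABLISHED src=192.168.1.10 dst={dst} sport={sport} "
            f"dport=443 src={dst} dst=192.168.1.10 sport=443 dport={sport} "
            f"[ASSURED] mark=0 use=1"
        )
    return lines

def suspicious_hosts(lines, lan_prefix="192.168.1.", min_unreplied=25):
    """Return {lan_ip: count} for devices with many unanswered outbound SYNs."""
    unreplied = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or not m["src"].startswith(lan_prefix):
            continue
        if m["state"] == "SYN_SENT" and "[UNREPLIED]" in line:
            unreplied[m["src"]].add((m["dst"], m["dport"]))
    return {host: len(d) for host, d in unreplied.items() if len(d) >= min_unreplied}

if __name__ == "__main__":
    for host, count in suspicious_hosts(constructed_sample()).items():
        print(f"{host}: {count} unanswered outbound connection attempts")
```

A device flagged this way is a candidate for the earlier steps: isolate it on the separate network, change its password and update its firmware.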

Gamer Precautions

When encountering similar attacks:

  • Stay calm: Confirm it’s a platform issue, not your network
  • Follow official announcements: Track platform social media updates
  • Avoid repeated attempts: Don’t keep reconnecting; it may add to the server burden
  • Enable two-factor authentication: Protect account security, prevent subsequent attacks

Future Threat Predictions

Attack Scale Will Continue Growing

With:

  • IoT device numbers continuing to increase
  • 5G and high-speed networks proliferating
  • Botnet technology evolving

Future DDoS attacks may:

  • Exceed 30 Tbps, reaching 50 Tbps or even 100 Tbps
  • Become harder to defend and track
  • Cause longer service interruptions

Attack Target Diversification

Gaming platforms are just one target; future expansion may include:

  • Financial institutions and trading platforms
  • Government and public service websites
  • Critical infrastructure (energy, transportation)
  • Healthcare and education systems

Defense Technology Arms Race

Industry must develop new defense technologies:

  • AI-driven traffic analysis: Real-time anomaly pattern identification
  • Quantum encryption: Preventing attackers from breaking defense mechanisms
  • Blockchain verification: Confirming connection request authenticity
  • Joint defense: Multiple enterprises sharing threat intelligence

Conclusion

The October 7 massive DDoS attack is not just a gaming industry crisis, but a warning of the entire internet ecosystem’s fragility.

The Aisuru botnet, through 300,000 compromised IoT devices, generated record-breaking 29.69 Tbps attack traffic, simultaneously paralyzing giants like Steam, Epic, and Riot. This proves:

Even the most resource-rich tech giants remain vulnerable against well-planned massive attacks.

For gaming platforms, this signals an urgent need to strengthen infrastructure; for the IoT industry, this is an opportunity to re-examine security standards; for general users, this is a wake-up call to raise cybersecurity awareness.

As our lives increasingly depend on internet services, as more devices connect online, every inadequately protected device could become an accomplice to the next attack.

This attack has ended, but the threat never disappeared. Next time, the attack may be larger, the target more critical, the impact more far-reaching.

The question isn’t “will it happen again,” but “when will it happen again”—and will we be ready when it does.

Author: Drifter · Updated: October 8, 2025, 7:00 AM
