Incident summary:
- Date: October 6, 2025
- Targets: Steam, Riot Games, PlayStation Network, AWS, and others
- Peak bandwidth (unconfirmed): 29.69 Tbps
- Suspected source: Aisuru botnet
- Attack vector (reported): TCP-based carpet bomb traffic
- Status: Under investigation — no official confirmation
What we know so far
Several major gaming platforms — including Steam and Riot Games — experienced simultaneous disruptions on October 6th. Players reported widespread connectivity issues across titles such as Counter-Strike, Dota 2, Valorant, and League of Legends.
While the cause has not been confirmed, early reports from the cybersecurity community point to a possible large-scale DDoS attack. The Aisuru botnet, previously associated with record-breaking incidents, has been mentioned as a potential source.
If verified, this event could have peaked at 29.69 Tbps, surpassing the 22.2 Tbps attack recorded in September.
Simultaneous outages across platforms
Outage data from Downdetector shows a sharp increase in reports starting around 8:00 PM EDT. Players across multiple regions noted sudden disconnections and login failures.
Riot Games acknowledged the problem on its service status page and temporarily disabled ranked play. Steam users also reported intermittent downtime and error messages.
Other major services — including PlayStation Network, Epic Games, AWS, and multiple ISPs — experienced higher-than-usual error reports around the same time, suggesting a broader internet-scale event.
Aisuru botnet suspected, but not confirmed
No official statement has yet confirmed the nature of the disruptions. However, researchers and independent analysts have speculated that the Aisuru botnet could be involved.
Aisuru has previously delivered several multi-terabit DDoS attacks since its discovery in 2024, most recently peaking at 22.2 Tbps in September.
Reports shared on social media platforms X and Reddit suggest the latest spike may have reached 29.69 Tbps, though these figures remain unverified. The attack was reportedly characterised by “sophisticated TCP carpet bomb” traffic — a method that closely mimics legitimate packets, complicating detection and mitigation.
Escalation in scale and sophistication
If the reports prove accurate, this incident marks another step in the steady rise of DDoS capacity over the past year.
Large-scale botnets like Aisuru continue to expand through vulnerable IoT devices — routers, cameras, gateways, and other internet-connected hardware — providing attackers with vast distributed bandwidth.
Aisuru is estimated to control more than 300,000 compromised nodes globally and has demonstrated an ability to sustain multi-terabit floods against diverse targets.
FastNetMon continues to monitor the situation and track developments related to large-scale DDoS activity. We will update this story as more verified data becomes available.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats. For more information, visit https://fastnetmon.com