Record-breaking DDoS attack suspected in widespread Steam, Xbox, and Epic Games outages

Global Gaming Services Hit by Massive DDoS Attack, Potentially the Largest Ever Recorded

The gaming world experienced significant disruptions on October 6th and 7th, with major platforms like Steam, Riot Games, Epic Games, and Xbox suffering widespread outages. Cybersecurity experts are pointing to what could be the most colossal Distributed Denial of Service (DDoS) attack in history, with the sophisticated botnet known as Aisuru suspected to be the culprit. This botnet allegedly unleashed a staggering 29.69 Terabits per second (Tbps) of malicious traffic, effectively paralyzing gaming infrastructure across the globe.

Unprecedented Outages Cripple Gaming Giants

The first signs of trouble emerged around 8:00 PM Eastern Time on October 6th (3:00 AM on October 7th, Kyiv time). Gamers were met with infuriating connection drops on Steam and the inability to launch matches in Riot Games' popular titles such as Counter-Strike 2, Dota 2, Valorant, and League of Legends. These beloved games remained inaccessible for hours, experiencing intermittent but frustrating 'downtime' even after brief periods of apparent recovery. The impact was so severe that Riot Games, in a bid to protect player experience, temporarily suspended matchmaking across all platforms, from Windows and macOS to iOS and Android devices. The widespread disruption spanned nearly 24 hours.

"Like many companies in recent days, we've experienced network stability issues and have taken proactive measures to protect the player experience. We have temporarily disabled ranked queues in some regions and enabled compensation for lost rating points where applicable," stated Joe Hickson, a representative for Riot Games, underscoring the gravity of the situation.

Beyond Gaming: A Wider Internet Impact

The tentacles of this attack, however, didn't stop at gaming. Reports indicated disruptions affecting other major online services, including PlayStation Network, Hulu, Amazon Web Services (AWS), and internet service providers like Xfinity and Cox. The sheer scale and the specific targeting of gaming infrastructure, rather than random technical glitches, strongly suggested a coordinated and deliberate assault. This pattern led specialists to investigate the possibility of a single, powerful entity orchestrating the chaos.

Aisuru Botnet: The Suspected Mastermind

The prime suspect identified by researchers is the Aisuru botnet, a formidable network of compromised devices known for its escalating power. According to cybersecurity analysts, on October 6th, Aisuru reportedly generated a staggering 29.69 Tbps of malicious traffic. This figure dwarfs the previous record of 22.2 Tbps set by Cloudflare, highlighting the unprecedented magnitude of this incident. First observed in August 2024, Aisuru's capabilities have grown exponentially. In May, it targeted KrebsOnSecurity with a 6.3 Tbps attack, and by September, this had surged to 11.5 Tbps. Experts estimate Aisuru controls around 300,000 compromised devices, ranging from seemingly innocuous surveillance cameras and routers to digital video recorders, transforming everyday objects into weapons of digital disruption.

Sophisticated Tactics and a Demonstration of Power?

Aisuru's modus operandi involves launching complex TCP "carpet bombing" attacks. These assaults are meticulously crafted to mimic legitimate traffic, making them exceptionally difficult to detect and block, much like trying to distinguish a single raindrop in a downpour. Previous targets of Aisuru have spanned the US, China, Germany, the UK, and Hong Kong, exhibiting a notable lack of selectivity. The botnet relentlessly attacks hundreds of targets daily and also offers its infrastructure for proxy services. While no official confirmation of a DDoS attack has been issued by all affected entities, the simultaneous timing and extensive scope of the outages strongly imply a shared root cause. Some in the online community speculate that this could be a deliberate showcase of the botnet's prowess, aimed at potential clients. As one user commented on a Steam subreddit, "A key part of selling your product is proving its capabilities. This is a great way to show that you can take down even resilient targets."