Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded.
The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things (IoT) devices and unpatched GitLab instances.
The DDoS attack comes just two weeks after Rapid7 warned of a GitLab vulnerability — rated a full 10.0 on the CVSS severity scale — that could be exploited to allow an attacker to remotely run code, like botnet malware, on an affected server. Rapid7 found that at least half of the 60,000 internet-facing GitLab instances remain unpatched, and warned that it expected “exploitation to increase” as details of the bug became public.
The company wasn’t wrong; Cloudflare said it blocked the massive DDoS attack just one week later. From its analysis of the attack, Cloudflare believes that it was a multi-vector attack that combined both DNS amplification attacks along with UDP floods.
Cloudflare says the attack, which lasted less than a minute, was the largest it had witnessed to date. It comes just a month after Microsoft said it mitigated a “record-breaking” 2.4 Tbps DDoS attack targeting one of its Azure customers in Europe.
While Cloudflare mitigated the attack in seconds, it warns that it witnessed multiple terabit-strong DDoS attacks last month, adding that this is unlikely a trend that’s going to slow down any time soon.
“Another key finding from our Q3 DDoS Trends report was that network-layer DDoS attacks actually increased by 44% quarter-over-quarter,” said Omer Yoachimik, product manager at Cloudflare. “While the fourth quarter is not over yet, we have, again, seen multiple terabit-strong attacks that targeted Cloudflare customers.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Rapid7 has urged GitLab users to update the latest version of GitLab as soon as possible. “In addition, ideally, GitLab should not be an internet-facing service,” the company added. “If you need to access your GitLab from the internet, consider placing it behind a VPN.”
