PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Cloud Provider Fends Off Record-Breaking DDoS Attack

OVHcloud says an April DDoS attack reached 840 million packets per second, a new high.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Traffic_analyzer via Getty)

A group of high-capacity routers may have been hijacked to launch a record-breaking DDoS attack on a cloud provider back in April. 

The attack targeted France-based OVHCloud, reaching 840 million packets per second. The number surpasses the 809 million packets per second (Mpps) attack that DDoS protection provider Akamai experienced in 2020 when a hacker tried to take down a European bank. 

DDoS attacks overwhelm an internet service with traffic, knocking it offline. Over the years, cybercriminals have come up with various ways to launch DDoS assaults, which can include summoning terabits of data per second or millions of requests per second.  

In OVHCloud’s case, the attacker leveraged a “packet rate attack,” which can overload the packet processing engines to a web property’s networking devices rather than merely deplete the available bandwidth. 

(Credit: OVHCloud)

“The general idea is to cripple the infrastructures in front of the targeted service (e.g., load-balancers, anti-DDoS systems, …), thus possibly impacting a large infrastructure as collateral damage. Simply put: instead of trying to find holes in anti-DDoS systems, just take them down,” OVHCloud says. 

Most packet rate attacks usually rate well below 100Mpps, since a large amount of computing power is needed to generate so many packets. But in the past 18 months, OVHCloud has detected an increase in packet rate attacks reaching over 100Mpps. “We went from mitigating few of them each week, to tens or even hundreds per week,” the company said. 

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

The April attack that reached 840Mpps originated from 5,000 IP addresses. OVHCloud didn’t reveal what the attack attempted to take down. However, the company said it had enough internet capacity to fend off the assault.

To investigate the source, OVHCloud looked at DDoS attacks it encountered ranging from 100 to 500Mpps. The company then traced some of the activity to a group of high-capacity MikroTik routers, which may have been hijacked to launch the DDoS assaults. 

OVHCloud points to how MikroTik routers have suffered from vulnerabilities in the past. Many of the affected devices also operate with an interface openly accessible over HTTP. In addition, OVHCloud has uncovered evidence that 99,382 MikroTik routers are currently online, with the capacity to launch high packet rate attacks. 

"We can’t say yet why these devices are involved in coordinated DDoS attacks, but one possible hypothesis could be the 'Bandwidth test' feature from RouterOS," the company added. "It allows the administrator to test the real throughput of a router by crafting packets and perform stress tests."

OVHCloud has tried to contact MikroTik about the potential threat. However, the router maker has yet to respond to the company's request for feedback.

In the meantime, OVHCloud fears cybercriminals will continue to abuse the affected routers as long as they remain vulnerable to hacking. This could result in more powerful DDoS attacks that could theoretically reach as high as 2.28 billions packets per second.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio