If it is not over-egging the pudding then the attack will be the largest ever recorded.
The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things (IoT) devices and unpatched GitLab instances.
The DDoS attack comes just two weeks after Rapid7 warned of a GitLab vulnerability -- rated a full 10.0 on the CVSS severity scale -- that could be exploited to allow an attacker to remotely run code, like botnet malware, on an affected server.
Rapid7 found that at least half of the 60,000 internet-facing GitLab instances remain unpatched, and warned that it expected "exploitation to increase" as details of the bug became public.
Cloudflare said it blocked the massive DDoS attack just one week later. From its analysis of the attack, Cloudflare believes that it was a multi-vector attack that combined both DNS amplification attacks along with UDP floods.