[buro9]

Botnets tests their capabilities all the time. This could have been a command and control test, a test to see what they could muster, or a demonstration.

When testing they seldom run for a long time.

Cloudflare's mitigation would've dropped in on the metals and still been visible to Cloudflare's monitoring... so the attackers stopped after a minute.

[remram]

So those nice graphs on Cloudflare's blog are exactly the information the attackers wanted? If that's the case, by publishing such detailed post-morterms, Cloudflare is just inviting future test attacks.