In the first half of 2025, a new wave of geopolitically motivated cyber activity swept across Europe, the Middle East, and Africa (EMEA). According to NetScout’s DDoS Threat Intelligence Report, hacktivists launched more than 8 million distributed denial-of-service (DDoS) attacks globally in H1 2025, with the majority of these attacks targeting EMEA. Looking at the region in greater detail, additional findings from NetScout’s report revealed:
The top five targeted countries in EMEA were Germany, France, Poland, Russia and Saudi Arabia
The Iran-Israel and India-Pakistan conflicts extended into cyberspace. The former generated more than 15,000 attacks against Iran, while the latter saw hacktivist groups like SYLHET GANG-SG and Keymous+ target Indian government and financial sectors
During the World Economic Forum, Switzerland saw more than 1,400 attacks – double normal rates when compared to similar time periods in December
Threat actors led an assault against wireless telecommunications carriers, launching more than 1 million attacks against the industry, compared to just over 500,000 in H2 2024 – an increase of more than 130 per cent
Cybercriminals also turned their attention to research and development in biotechnology, and ball and roller bearing manufacturing, with attack frequency against those sectors increasing by 10,473 per cent and 1,676 per cent respectively
Richard Hummel, director of threat intelligence at NetScout, commented: “In the first half of 2025, geopolitical events triggered massive spikes in DDoS attacks as hacktivists attempted to cause instability and chaos, with EMEA bearing the heaviest burden. For example, from February 16th to March 3rd, Italy attracted the attention of several threat actors following a series of political discussions, including the notorious NoName057(16). Geopolitical unrest was the primary trigger for unprecedented DDoS campaigns in the region; adversaries exploited these moments of national vulnerability to amplify political and social instability. This presents an unceasing threat to civilians as threat actors specifically aim to destabilise critical infrastructure, impacting everyone who accesses these essential services. For instance, this was seen at the height of the recent India-Pakistan conflict, with Pakistani-sympathising threat actors undertaking online operations against critical Indian infrastructure.”
“Adding to this, it is easier than ever to launch these types of attacks, aiding hacktivists in their efforts to inflict significant operational disruption against nations ideologically opposed to them. Both novice and seasoned threat actors exploit shared DDoS-for-hire infrastructure, diminishing entry barriers and expanding the threat spectrum. Advancements in DDoS-for-hire services now incorporate AI-enhanced attacks, enabling these platforms to offer users automated attack scheduling and sustained campaign management with minimal human oversight.”
“As EMEA faces a sustained assault from cybercriminals amidst ongoing geopolitical tensions, organisations in the region must maintain heightened vigilance. This includes employing advanced DDoS protection and real-time threat operational intelligence to effectively counter hacktivist attack campaigns,” concluded Hummel.