- DDOS attacks on the scale of TBP have passed from rare abnormalities to constant threats
- Hacktivist groups armed automation and botnets to destabilize fragile infrastructure
- Political disputes were spreading more and more online, triggering destructive waves of cyber-agression
The first half of 2025 marked another major escalation in the distributed service denial activity (DDOS), with new research on Netcout documenting more than eight million attacks worldwide in these six months.
More than three million attacks have been recorded across Europe, the Middle East and Africa, highlighting the regional tension.
He also noted that strikes on a terabit scale per second, once rare anomalies have become almost routine, peaks reaching 3.12 TBPS in the Netherlands and 1.5 Gbit / s in the United States.
Political conflicts lead to digital assault
These results suggest that DDOS attacks are no longer an occasional disturbance, but a rooted method to destabilize essential networks, because geopolitical tensions remain a key trigger for large attack campaigns.
NetScout noted how disputes between India and Pakistan stimulated large waves of hostile activities against Indian financial and government systems.
Similarly, during the confrontations involving Iran and Israel, more than 15,000 strikes targeted the Iranian infrastructure in a few days, while less than 300 targeted Israel.
Even the international forums have not been spared, events in Switzerland knowing more than 1,400 incidents in a single week.
A large part of this scale is also based on compromise devices operating like botnets.
In March 2025 alone, the attackers launched an average of 880 botnet incidents daily, with peaks of 1,600.
Compromised systems generally included routers, servers and IoT devices, often based on known defects rather than unknown vulnerabilities.
Despite years of security warnings, these weaknesses remain systematically exploited, allowing short but impactful campaigns that disrupt dependent services.
For organizations based solely on the basic antivirus or the protection of termination criteria, such supported Botnet traffic presents challenges that overwhelm conventional guarantees.
In addition, the evolution of DDOS campaigns has been accelerated by automation and artificial intelligence.
Multi-voter strikes and carpet bombing techniques are now occurring faster than defenders cannot respond, creating asymmetrical pressure.
NetScout also underlined the emergence of “Rogue LLMS”, which offer hostile actors accessible planning and escape methods.
Combined with DDOS-For-Hire platforms, these tools have considerably reduced barriers to inexperienced attackers, allowing high-capacity strikes with minimum technical depth.
The result is that TBPS incidents have gone from rare shows to the constant risks.
Among the hacktivist collectives, noname057 (16) continues to execute the most frequent campaigns, exceeding competitors.
In March, the group claimed more than 475 attacks, mainly intended for government portals in Spain, Taiwan and Ukraine.
Their dependence on different flooding techniques indicates both coordination and persistence, suggesting ideological motivations beyond opportunistic disturbance.
While new players such as Dienet and Keymous + have entered the stage with dozens of attacks in several sectors, their activity has still not been short compared to the Noname057 scale (16).
“While hacktivist groups take advantage of more automation, shared infrastructure and evolving tactics, organizations must recognize that traditional defenses are no longer sufficient,” said Richard Hummel, director, Threat Intelligence, Netscout.
“The integration of AI assistants and the use of large languages models (LLM), such as Wormgpt and Fraudgpt, degenerate this concern. And, although the recent withdrawal of Noname057 (16) managed to temporarily reduce the Botnet Ddos activities of the group, which is guaranteed. ”
