NETSCOUT: Global DDoS Threat Report 1H2025

NETSCOUT has released its latest research describing the evolution of the Distributed Denial-of-Service (DDoS) attack landscape.

NETSCOUT: Over 8 Million DDoS Attacks Already Recorded

In the first half of 2025, NETSCOUT recorded more than 8 million DDoS attacks worldwide, including over 3.2 million in the EMEA region. DDoS attacks have evolved into precision weapons of geopolitical influence, capable of destabilizing critical infrastructure.

Hacktivists, Botnets, and Automation

Hacktivist groups such as NoName057(16) organized hundreds of coordinated attacks each month, targeting communications, transportation, energy, and defense sectors.
DDoS-for-hire services have democratized attack tools, enabling novices to launch complex campaigns.
AI-enhanced automation, multi-vector attacks, and carpet bombing techniques challenge traditional security defenses.
Botnets compromising tens of thousands of IoT devices, servers, and routers executed prolonged attacks, causing major disruptions.

Each of these factors is dangerous on its own, but together they create a “perfect storm” of unprecedented cyber risk for organizations and service provider networks across the globe.

Key Findings from the Research

Global scale of attacks: NETSCOUT recorded over 50 attacks exceeding 1 terabit per second (Tbps) and several reaching gigapackets per second (Gpps) in H1 2025, including a 3.12 Tbps attack in the Netherlands and 1.5 Gpps in the U.S.
Geopolitical events triggered massive DDoS campaigns: The conflict between India and Pakistan led to hacktivist attacks on Indian government and financial sectors in May. The Iran-Israel conflict in June resulted in over 15,000 attacks against Iran and 279 against Israel.
Botnet attacks grew in complexity: In March, more than 880 bot-driven DDoS attacks occurred daily, peaking at 1,600 incidents. The average attack duration rose to 18 minutes.
Emerging threat actors: Using DDoS-for-hire infrastructure, the DieNet group carried out over 60 attacks since March, while Keymous+ launched 73 attacks targeting 28 industries in 23 countries.
NoName057(16) dominance: In March alone, this group claimed over 475 attacks — 337% more than the next most active group — targeting government websites in Spain, Taiwan, and Ukraine.

NETSCOUT Expert Commentary

“As hacktivist groups increasingly leverage automation, shared infrastructure, and new tactics, organizations must realize that traditional defenses are no longer sufficient,” said Richard Hummel, threat intelligence lead at NETSCOUT.

NETSCOUT maps the DDoS landscape through passive, active, and reactive observation points, providing unparalleled visibility into global attack trends. The company protects two-thirds of the routed IPv4 space, securing network perimeters that, in H1 2025, transmitted peak global traffic exceeding 800 Tbps. NETSCOUT tracks tens of thousands of daily DDoS attacks, monitoring numerous botnets and DDoS-for-hire services that leverage millions of hijacked or compromised devices.

NETSCOUT’s Unique Role

Mapping the DDoS landscape via passive, active, and reactive telemetry for maximum threat visibility.
Protecting more than two-thirds of routed IPv4 space globally.
Safeguarding networks that, in H1 2025, carried over 800 Tbps of peak traffic.
Monitoring tens of thousands of attacks daily, launched by botnets and DDoS-for-hire services using millions of compromised devices.

Where to Buy NETSCOUT?

NWU is the official distributor of NETSCOUT solutions in Ukraine, the South Caucasus, and Central Asia. We provide comprehensive support at every stage — from solution selection and deployment to full integration into your infrastructure.

When buying NETSCOUT from NWU, you benefit from: