CyberSecurity news

FlagThis - #ddos

Pierluigi Paganini@Security Affairs //
Pro-Russia hacktivist group NoName057(16) is actively targeting Dutch organizations with large-scale distributed denial of service (DDoS) attacks. These attacks are causing significant access problems and service disruptions for targeted entities across both the public and private sectors in the Netherlands. The country's National Cyber Security Center (NCSC) has issued a warning about these ongoing cyber activities. The NCSC confirmed that the attacks also affect European organizations alongside Dutch ones.

The attacks are part of a broader campaign of cyber-attacks claimed by the hacktivist group. These persistent DDoS attacks aim to overwhelm the targeted organizations' systems with malicious traffic, rendering them inaccessible to legitimate users. The goal of these attacks appears to be the disruption of services and potentially the undermining of confidence in the targeted organizations. BleepingComputer reported on this campaign, highlighting the severity and widespread impact of these attacks.

The National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice, released a statement acknowledging the situation. The statement mentioned that both public and private entities within the Netherlands are being targeted by these large-scale DDoS attacks. The NCSC continues to monitor the situation and is working to mitigate the impact of these attacks.

References :
  • bsky.app: Pro-Russia hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • securityaffairs.com: Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
  • www.bleepingcomputer.com: Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
  • BleepingComputer: Pro-Russian hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • bsky.app: Russian group NoName launched DDoS attacks and took down the public websites of several Dutch provinces.
  • www.bleepingcomputer.com: Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • DataBreaches.Net: A large-scale cyberattack hit multiple Dutch municipalities and provinces on Monday morning, rendering the websites of more than twenty local governments inaccessible for several hours.
  • The DefendOps Diaries: Pro-Russian Hacktivists Target Dutch Public Organizations with DDoS Attacks
  • gbhackers.com: Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks.
  • industrialcyber.co: Forescout reports rise of state-sponsored hacktivism, as geopolitics rewrites cyber threat landscape

Bill Toulas@BleepingComputer //
Cloudflare has released its 2025 Q1 DDoS Threat Report, revealing a staggering increase in Distributed Denial of Service (DDoS) attacks. The report highlights that Cloudflare mitigated 20.5 million DDoS attacks in the first quarter of 2025 alone. This represents a massive 358% year-over-year and 198% quarter-over-quarter increase, nearly matching the total number of attacks recorded throughout all of 2024. The escalating threat landscape underscores the critical need for robust and adaptive cybersecurity measures to protect online infrastructure from malicious actors.

One of the most significant incidents during this period was the mitigation of a record-breaking DDoS attack peaking at 4.8 billion packets per second (Bpps). This hyper-volumetric attack, part of a late-April campaign, presented a substantial technical challenge due to its immense scale and short duration, typically lasting between 35 and 45 seconds. Cloudflare also neutralized a 6.5 terabit-per-second (Tbps) UDP flood. Overall, the company recorded over 700 hyper-volumetric DDoS attacks, each exceeding either 1 Tbps or 1 Bpps, demonstrating the growing sophistication and intensity of these threats.

Network-layer DDoS attacks fueled much of this increase, totaling 16.8 million incidents between January and March 2025. A notable 6.6 million of these attacks targeted Cloudflare's own infrastructure. Attackers are increasingly deploying sophisticated multi-vector campaigns, leveraging tactics such as SYN floods, Mirai-botnet assaults, and SSDP amplification to overwhelm targets from multiple angles. Cloudflare identified two emerging threats: Connectionless Lightweight Directory Access Protocol (CLDAP) attacks, which saw a 3,488% quarter-over-quarter increase, and Encapsulating Security Payload (ESP) attacks, growing by 2,301% in the same period.

References :
  • cyberpress.org: Cyberpress article on Cloudflare's 2025 DDoS Mitigation
  • The DefendOps Diaries: TheDefendOpsDiaries on Cloudflare's 2025 DDoS Mitigation Achievements
  • BleepingComputer: Internet services giant Cloudflare says it mitigated a record number of DDoS attacks in 2024, recording a massive 358% year-over-year jump and a 198% quarter-over-quarter increase.
  • www.scworld.com: SecurityWorld Article on Cloudflare's 2025 DDoS Mitigation
  • Blog: Cloudflare has reported a significant surge in distributed denial-of-service (DDoS) attacks, marking a new record in 2025.
  • Cyber Security News: Cloudflare mitigated a record 20.5 million DDoS attacks in the first quarter of 2025
  • Anonymous: In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks.
  • Cloudflare: DDoS attacks are surging. In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks. Read more in our latest DDoS Threat Report 👉
  • The Cloudflare Blog: Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report
  • BleepingComputer: Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • The DefendOps Diaries: Pro-Russian hacktivists disrupt Dutch public services with DDoS attacks, highlighting vulnerabilities and resilience in digital infrastructure.
  • www.bleepingcomputer.com: Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • bsky.app: Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.

@techradar.com //
On March 10, 2025, the social media platform X, formerly known as Twitter, experienced a significant outage, impacting thousands of users in the US and the UK. Owner Elon Musk attributed the interruption to a "massive cyberattack," claiming that IP addresses originating from Ukraine were responsible. Problem reports on Downdetector peaked at 40,000, making it the most substantial service disruption the platform had faced in years, with effects lasting for several hours. Musk stated that the attack was carried out with a lot of resources.

Security experts suggest a different explanation, attributing the disruption to a distributed denial-of-service (DDoS) attack. This involves overwhelming X's servers with bogus traffic from numerous devices, making it difficult to pinpoint the attack's true origin. Analysts believe hackers routed traffic through hijacked IP addresses in several regions, masking their identities. A hacking group, Dark Storm Team, briefly claimed responsibility for the attack on Telegram.

References :
  • Check Point Blog: Dark Storm Team Claims Responsibility for Cyber Attack on X Platform – What It Means for the Future of Digital Security
  • socradar.io: X Faces Cyberattack: Dark Storm Team Takes Credit, Musk Blames Ukraine
  • Malwarebytes: X users report login troubles as Dark Storm claims cyberattack
  • www.scworld.com: Disruptive DDoS attack against X claimed by pro-Palestinian hackers
  • WIRED: What Really Happened With the DDoS Attacks That Took Down X
  • Threats | CyberScoop: X suffered a DDoS attack. Its CEO and security researchers can’t agree on who did it.
  • eSecurity Planet: Elon Musk Blames ‘Massive Cyberattack’ for Widespread X Outage
  • Rescana: X Platform Outage Due to Massive Cyberattack
  • Risky Business Media: A Pro Palestinian group claims credit for the X DDoS, CISA gets a new director as DOGE fires its red teams, and Asian scam compounds keep growing.
  • Blog: Pro-Palestine group hits X with massive DDoS attack
  • Davey Winder: X Under Attack—Who Was Really Behind The Musk Platform Outages?
  • Information Security Buzz: X Under Siege: Massive Cyberattack Sparks Widespread Outages as Experts Call Musk’s Ukraine Claims ‘Garbage’
  • Schneier on Security: In a stark reminder of the growing threat posed by hacktivist groups, the pro-Palestinian Dark Storm Team has taken credit for a major distributed denial-of-service (DDoS) attack on X (formerly Twitter).
  • darkmarc.substack.com: Elon Musk's X Down in Cyberattack, Amazon Hosts Stalkerware, CISA Slashes State Funding
  • The Next Web: What caused the X outage that Musk is blaming on Ukraine?
  • John Brandon: Elon Musk Claims Twitter (Now Called X) Was Down Due To A Cyberattack
  • www.techradar.com: Who was really behind the massive X cyberattack? Here’s what experts say about Elon Musk’s claims

Bill Mann@CyberInsider //
A newly discovered botnet, Eleven11bot, has infected over 30,000 internet-connected devices. These compromised devices, primarily security cameras and Network Video Recorders (NVRs), are being actively used to launch Distributed Denial of Service (DDoS) attacks. The botnet's malicious activity has been directed towards critical telecom infrastructure and gaming websites, causing significant disruptions.

The activity of Eleven11bot has been traced back to Iran, with the infected devices distributed globally. Security researchers have discovered the botnet is being used to carry out brute force attacks on login pages. Weak or reused passwords are being exploited to take control of vulnerable devices. Regular updates to device firmware, frequent password changes, and disabling remote access can significantly reduce the risk of these breaches.

References :
  • CyberInsider: Massive DDoS Botnet Eleven11bot Infects 30,000+ IoT Devices
  • www.cybersecurity-insiders.com: DDoS attacks by 30k botnets and IBM n Vodafone safe internet from quantum computing attacks
  • securityaffairs.com: New Eleven11bot botnet infected +86K IoT devices
  • www.scworld.com: Over 86K devices impacted by novel global Eleven11bot botnet
  • www.techradar.com: Another huge new botnet is infecting thousands of webcams and video recorders for DDoS attacks
  • aboutdfir.com: Massive botnet that appeared overnight is delivering record-size DDoSes. A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders, with the largest concentration in the US, has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.
  • The GreyNoise Blog: A newly discovered global cyber threat is rapidly expanding, infecting tens of thousands of internet-connected devices to launch powerful cyberattacks.
  • WIRED: Eleven11bot infects webcams and video recorders, with a large concentration in the US.

@securityboulevard.com //
Gcore's Q3-Q4 2024 Radar report reveals a significant 56% year-on-year increase in DDoS attacks, highlighting a steep long-term growth trend. The report indicates a concerning escalation in the total number of DDoS attacks and their magnitude, with the largest attack peaking at 2 Tbps, an 18% increase from Q1-Q2 2024. DDoS attacks are also becoming shorter in duration but more powerful.

The gaming industry remains the most targeted sector, accounting for 34% of all attacks. However, the financial services sector experienced a significant surge, accounting for 26% of all DDoS attacks, up from 12% in the previous period. The technology industry also saw a steady increase in its share of DDoS attacks, rising from 7% to 19% since Q3-Q4 2023. This shift shows that DDoS attackers recognize the wide-reaching disruption potential of attacking technology services.

References :