Up to the seventh bot: Russia has entered the top 10 most hacker-attacked countries

The number of DDoS attacks on government and commercial structures almost doubled in the first quarter of 2025 compared to the same period last year, cybersecurity companies told Izvestia. India, China, the United States and Russia remain among the main targets. However, hackers have become less interested in Russian organizations — experts note that political pressure has decreased and the initiators of DDoS attacks are again pursuing mainly commercial interests. Which industries are most often attacked by hackers can be found in the Izvestia article.

Which countries are being attacked by hackers

India, China and the United States were among the top 3 most attacked countries by hackers in the first quarter of 2025. This was reported to Izvestia by analysts at StormWall. Russia took the ninth place in this ranking. The fact that Russia is among the ten most attacked countries was also confirmed by the Telecom Exchange company.

In India, the attackers attacked primarily financial, transport companies and the public sector. In the United States, commercial companies suffered the most from DDoS attacks.

India accounted for 18.1% of the total volume of attacks, China — 16.2%, the United States — 14.7%. This is followed by Japan (12.3%) and Taiwan (10.2%).

Photo: TASS/dpa/picture-alliance/Julian Stratenschulte

"Most DDoS attacks on Taiwan were organized by Chinese hacktivists who attacked government organizations in Taiwan, as well as key sectors of the country's economy," the analysts noted. "The reason for such a strong surge in attacks on Taiwan was the further development of the conflict between China and Taiwan and the significant deterioration of the geopolitical situation."

Belgium took the sixth position (9.7%). Most of the attacks on this country were organized by politically motivated hackers, analysts believe.

Photo: IZVESTIA/Sergey Lantyukhov

"They tried to express their dissatisfaction with the work of the European Parliament through DDoS attacks," they note.

Saudi Arabia ranks seventh at 6.8%. This is one of the richest countries in the Middle East, so attackers are actively attacking enterprises in the region in order to enrich themselves. Italy is in the eighth position of the rating with an indicator of 4.1%.

With CII, watch out: most cyberattacks are on critical infrastructure

Does the transition of Russian enterprises to domestic software help them resist hackers?

"Basically, hackers attacked Italian companies for the purpose of extortion and blackmail," experts say.

Russia took the ninth place in this rating (3.7%).

"The number of attacks by politically motivated hacktivists on Russian companies has decreased significantly at the beginning of this year," the analysts state. "A large number of attacks by ordinary hackers who sought commercial gain have been identified."

Photo: IZVESTIA/Eduard Kornienko

Switzerland took the last place in the top ten with an indicator of 2.8%. Attacks on other countries account for 1.4%.

In general, the total number of DDoS attacks in the first quarter of 2025 increased by 110% compared to the first quarter of 2024, Dmitry Tkachev, CEO of Curator, told Izvestia.

How the hackers attacked

The largest number of DDoS attacks in the first quarter of 2025 in the world were directed at the IT and telecom segments (26.8%), fintech (22.3%) and e-commerce (21.5%), Dmitry Tkachev said.

Alexander Bleznekov, Head of Information security at Telecom Exchange, said that telecom, the financial sector and government organizations are most often attacked in Russia.

"Attacks on online stores have also increased dramatically," he said. — The fact is that such attacks are carried out not only by APT groups (advanced persistent threat, a constant serious threat). — Izvestia). DDoS can now be ordered on the darknet for little money, for example, to crash a competitor's website or get pricing information.

Photo: RIA Novosti/Kirill Kallinikov

He explained that this is used to entice dissatisfied customers who were unable to buy something on a day-to-day basis, or set lower prices for popular categories on his resource.

Mikhail Khlebunov, Director of Products at Servicepipe, noted that attacks by politically motivated hackers are actively continuing this year, but analyzing the first quarter of this year, we can talk about a change in the geography of attacks.

— This year, we see that 80% of malicious requests came from the Russian zone. The attackers used fake addresses in Russia and proxies, virtual machines. In the summer and autumn of 2024, just over 60% of the IP addresses in botnets were Russian," he said.

Photo: TASS/dpa/picture-alliance/Jens Buttner

In addition, the expert noted, in 2024, attackers chose the largest players as targets in the financial market, and in 2025, medium-sized banks became the main target. But with telecom operators, the trend is reversed.

— This year, the attackers retain the tactics of carpet attacks, which they used in 2024. Their targets are still telecom operators and credit organizations. For example, in 2025, in one of the attacks on a large telecom operator, the carpet area exceeded 3.3 thousand IP addresses," Mikhail Khlebunov said.

Alexander Bleznekov noted that DDoS attacks are becoming more and more advanced and simple filtering no longer saves, so companies are moving to layered protection, which involves the use of several complementary information security solutions. The number of protection levels may vary depending on the degree of criticality of the service and the specifics of its architecture.