In the first quarter of 2025, India, China, and the United States emerged as the leading targets for Distributed Denial of Service (DDoS) attacks, as reported by cybersecurity firm StormWall. Notably, the Asia-Pacific (APAC) region accounted for over half of all global attacks, indicating a significant shift in the landscape of cyber threats.
The StormWall report indicates that nearly 50% of DDoS attacks during this period were directed against China, India, and the United States. This represents a departure from typical targets, as attackers are now increasingly focusing on infrastructure within the APAC region, possibly influenced by geopolitical or economic motivations.
StormWall’s analytics show that India experienced the highest volume of DDoS traffic, accounting for 18.1% of the global total. This was closely followed by China at 16.2% and the United States at 14.7%. Japan and Taiwan secured the fourth and fifth positions, with DDoS traffic representing 12.3% and 10.2%, respectively. In terms of industry targeting, telecommunications topped the list in APAC, displaying a Year-Over-Year growth of 136%.
Remarkably, four of the five countries most impacted are situated within the APAC region, which now captures 57% of all malicious requests. This shift suggests that cybercriminals are currently prioritizing targets in APAC over the more traditional targets found in Europe and North America. The motivations behind this trend may be multifaceted, encompassing geopolitical dynamics and economic considerations.
Ramil Khantimirov, founder of StormWall, commented on the evolving threat landscape, noting, “While U.S. targets are historically popular due to the country’s significant GDP, the scale and concentration of activities in APAC have reached unprecedented levels.” This observation underscores the shifting focus of cyber threats in a rapidly changing world.
According to StormWall, the primary driver behind these recent DDoS attacks is botnet technology. These networks of compromised devices were responsible for approximately 70% of the DDoS traffic tracked during the first quarter of 2025. One notable botnet highlighted in the report, dubbed “Eleven11bot,” leveraged a network of 86,000 infected IP cameras and DVRs, frequently employed in politically motivated efforts.
While APAC is witnessing a rise in DDoS activities, other regions are not immune. For instance, Belgium, despite its smaller size, faced significant attacks, accounting for 9.7% of global DDoS events targeted at national digital infrastructure, including government websites. Similarly, Saudi Arabia recorded a 6.8% share of global DDoS activity, driven largely by pro-Palestinian campaigns related to ongoing regional tensions.
Though countries like Italy, Russia, and Switzerland are further down the list in attack volumes, experts emphasize that even minor spikes in activity can pose significant risks to unprepared networks. StormWall’s findings illustrate an evolving threat environment shaped by automation, political agendas, and strategic shifts, highlighting the growing urgency for businesses to bolster their cybersecurity measures.
Moreover, supplementary research from NordPass indicates that many industries continue to lag in implementing basic cybersecurity practices. Weak and commonly used passwords, such as “123456” and “passwords@,” persist in circulation, increasing vulnerability to breaches and facilitating the recruitment of additional devices into botnets.
