In 2025, DDoS activity across the Asia-Pacific region more than doubled. This surge was driven by a combination of geopolitical tensions, rapid botnet expansion, and increasingly sophisticated attack techniques.
Discover the key drivers behind the rise in DDoS attacks — and what they mean for businesses in the region — in our latest report.
You might also want to read our global 2025 DDoS report.
Key Takeaways
In 2025, DDoS attacks in the Asia-Pacific region increased by 106% year over year. For comparison, the growth rate between 2023 and 2024 was 92%. This indicates that DDoS activity in APAC is not only rising, but accelerating.
In total, StormWall’s APAC network mitigated 4.2 million DDoS attacks in 2025 — more than double the 2.04 million incidents blocked in 2024.
| Quarter | DDoS attacks mitigated | QoQ increase |
| Q1 2025 | 680,000 | — |
| Q2 2025 | 940,000 | 38.2% |
| Q3 2025 | 1.12 million | 19.1% |
| Q4 2025 | 1.46 million | 30.4% |
In Q1 and Q2, most of the attacks analyzed by StormWall were likely carried out by hacktivist groups. Many coincided with the escalation of the India–Pakistan conflict in May 2025. During the four-day military confrontation, DDoS activity surged sharply, with the number of targeted organizations increasing by more than 500% in India and over 700% in Pakistan.
Tensions in the South China Sea also contributed to heightened activity. Naval standoffs between China and the Philippines near Scarborough Shoal were followed by a wave of hacktivist attacks targeting both countries.
By late Q3 and early Q4, hacktivist activity began to decline. At the same time, we recorded a noticeable increase in financially motivated attacks — primarily DDoS campaigns aimed at extortion or business disruption. These incidents were most prevalent in the financial and retail sectors.
The average attack duration in 2025 reached 28 minutes, up from 21 minutes in 2024. The largest DDoS attack mitigated by StormWall in APAC peaked at 1.6 Tbps.
Now, let’s take a closer look at the key trends shaping the region.
Multi-Vector Attacks: Up 83% YoY
Multi-vector attacks — where attackers combine two or more techniques within a single campaign — increased by 83% in 2025, reflecting a broader global trend. In APAC, approximately 31% of all DDoS incidents involved multiple vectors.
By distributing malicious traffic across different layers and methods, attackers are able to bypass single-layer defenses and sustain pressure on their targets for extended periods.
DDoS Protection for Websites
- Activate protection in 10 minutes
- 24/7 technical support
Probing: Up 2,000× YoY
Probing — a technique in which attackers send small volumes of malicious traffic to test a target’s defenses before launching a full-scale assault — recorded the fastest growth of any method tracked in APAC, increasing approximately 2,000× year over year.
This surge far exceeds the global average growth rate of 300%, indicating that threat actors in the region are becoming far more systematic and strategic in their approach. In both the government and financial sectors, more than 50% of major incidents observed by StormWall were preceded by probing activity.
Layer 7 Attacks: Up 64% YoY
Application-layer (L7) attacks increased by 64% in 2025, highlighting a clear shift toward targeting services directly rather than merely flooding network bandwidth.
Financial institutions and e-commerce platforms experienced the highest concentration of L7 activity — a trend that aligns with the rise in financially motivated campaigns observed in the second half of the year.
Botnet Power: Devices Up 4×, Effectiveness Up 2.3×
Seven of the world’s ten largest sources of DDoS attack traffic are located in Asia. Indonesia has remained the single largest source of global DDoS traffic for more than a year, with HTTP-based attack traffic originating from the country and increasing by 31,900% since 2021.
Two botnets stand out in particular:
AISURU controls an estimated 1–4 million infected devices worldwide, including routers, cameras, DVRs, and other IoT equipment. It was responsible for two of the largest DDoS attacks ever recorded — one peaking at 29.7 Tbps in Q3 and another reaching 31.4 Tbps in Q4. AISURU operates as a DDoS-for-hire platform, allowing virtually anyone to rent attack capacity for just a few hundred dollars.
Kimwolf, discovered in October 2025, has compromised more than 1.8 million Android TV devices and set-top boxes. In just three days in November 2025, it issued 1.7 billion DDoS commands. Its blockchain-based command-and-control infrastructure makes it especially difficult to dismantle.
Read also: What Are Botnets and How Are They Used in DDoS Attacks?
Across APAC, the widespread presence of poorly secured consumer devices — including Android TVs, routers, and IP cameras — creates a broad and expanding attack surface. As a result, botnet size and overall attack power are likely to continue growing in 2026.
Research by A10 Networks supports this assessment, confirming that Asia remains the primary global source of infected devices. In 2025, the region accounted for 90% of all bots worldwide. This dominance is largely driven by the massive concentration of vulnerable IoT devices. According to A10, China and India alone host nearly 12 billion such devices — roughly three times as many as the United States.
DDoS Attacks by Vertical
Below is the distribution of DDoS attacks by industry in APAC in 2025:
The following data shows the industries with the highest year-over-year growth in DDoS activity in 2025:
To better understand these figures, it’s important to consider them in context. The financial sector experienced the largest decline in overall attack share, dropping from second place to sixth. However, this does not indicate a reduction in attacks — the sector still saw a 36% year-over-year increase. The shift in ranking simply reflects that other industries expanded even faster. In 2025, government, telecommunications, retail, and transportation accounted for a larger proportion of the region’s DDoS activity.
Which Industries Face the Highest Risk of DDoS Attacks?
The table below outlines the relative likelihood of being targeted by sector in APAC:
Note: This represents relative risk based on the observed distribution of attacks. Actual exposure may vary depending on an organization’s digital footprint, security maturity, and level of interest from threat actors.
In Detail: Top 3 Most Attacked Verticals
1. Government Sector
The government sector maintained the same 27% share of total DDoS activity as in 2024, but the overall number of attacks nearly doubled. Most of this surge occurred in the first half of the year and was closely linked to geopolitical tensions. As hacktivist campaigns subsided in the second half, the volume of attacks targeting government entities declined accordingly.
From a technical perspective, our analysts identified the following attack vectors as the most prevalent in this sector:
2. Telecommunications
The telecommunications sector moved up from third to second place, with its share of total DDoS attacks increasing from 14% in 2024 to 18% in 2025. The following table shows the most common attack vectors in this vertical:
3. Retail
Retail climbed from fifth to third place, with its share of total DDoS attacks rising from 9% to 14%. This increase reflects the broader shift toward financially motivated campaigns observed in the second half of the year. The most common attack patterns in this sector were:
DDoS Attacks by Country
Here is the distribution of DDoS attacks by country in APAC in 2025:
The most significant shifts were observed in Indonesia and Malaysia, both of which nearly doubled their share of regional attack volume. Pakistan entered the top 10, largely driven by the escalation of the May 2025 conflict, which triggered a sharp increase in DDoS activity.
By contrast, Japan, Singapore, and Hong Kong experienced notable declines. Japan saw the steepest relative drop, with its share decreasing from 10% to 3% year over year.
Summary
APAC occupies a unique position in the global DDoS landscape. It is both a primary source of global botnet traffic and an increasingly common target for attacks.
In 2024, attack volumes closely mirrored geopolitical developments — when tensions eased, activity declined.
“That dynamic is changing. The growth of commercially motivated DDoS campaigns means the baseline continues to rise regardless of political conditions. Even if regional tensions cool, DDoS activity will likely keep increasing,” says Ramil Khantimirov, Co-founder and CEO of StormWall.
Network Protection from DDoS Attacks
- Activate protection within 10 minutes
- 24/7 technical support
