Sharp Increase in DDoS Attacks in Russia Linked to Activity of Offshore Gray Market Operators

Sharp Increase in DDoS Attacks in Russia Linked to Activity of Offshore Gray Market Operators

Analysts at Curator reported a 60% surge in DDoS attacks during the first half of 2025. Roskomnadzor provided concrete figures: 5,400 incidents compared to 3,500 during the same period in 2024.

Rising Attack Volume: Statistics and Primary Targets

According to data from Curator and Servicepipe, the number of DDoS attacks in Russia rose by more than 60% in the first half of 2025 compared to the same period in 2024.

Roskomnadzor cites exact numbers — 5,400 attacks in the first six months of 2025 versus 3,500 a year earlier. Attacks are becoming not only more frequent but also more complex in structure.

Primary Targets

Sector Share of Attacks (%)
Financial Services 22.3%
IT and Telecom 21%
E-commerce 20.9%
Betting Platforms Peak attack intensity: 965 Gbps

Traffic Origins and Threat Sources

A majority of the attacks — 65% — originate from outside Russia, primarily from:

  • Indonesia
  • United States
  • Germany
  • Netherlands

The remaining 35% come from infected devices located within Russia.

Attackers are increasingly using obfuscation techniques such as IP spoofing, vulnerable servers for amplification, and multivector tactics, making detection and defense significantly more difficult.

Hacker Motivation and Offshore Competitor Involvement

According to a spokesperson from Fonbet, most attacks targeting legal betting companies are linked to unregulated offshore operators trying to attract users ahead of major sporting events.

These attacks are often used as a smokescreen for more targeted cyber intrusions, especially at the application layer.

While some attacks may carry political motivations, experts at BI.ZONE note that competition from “gray market” operators is the dominant factor affecting the betting sector.

Modern DDoS Attack Patterns and Tactics

In 2025, the average duration of DDoS attacks decreased from 120 minutes to just 23 minutes, but their sophistication and impact have significantly increased.

Key characteristics include:

  • Attack intensity: Up to 965 Gbps (notably in the betting sector)
  • Layer-specific growth:
    • L3–L4 layer attacks increased by 58%
    • L7 layer attacks increased by 62.6%
  • Multivector attacks: up 43%
  • Attack volume: higher packets-per-second rates

Attackers often adjust strategies on the fly — starting with infrastructure-level (L3–L4) attacks, shifting to multivector attacks, and finally targeting weaker points in application infrastructure.

Industry Response and Potential Countermeasures

Sources indicate that criminal liability for DDoS attacks is under consideration and may be added to Russia’s Criminal Code.

The betting industry continues to suffer substantial financial losses, particularly during high-traffic periods around major tournaments and events.

Conclusion

DDoS attacks in 2025 have not only become more frequent but also more advanced. Offshore and “gray market” operators remain the primary sources of malicious traffic, with legal betting platforms bearing the brunt of these attacks.

The industry must seek new technological and legal solutions to minimize damage and curb malicious activity.