Sharp Increase in DDoS Attacks in Russia Linked to Activity of Offshore Gray Market Operators
Analysts at Curator reported a 60% surge in DDoS attacks during the first half of 2025. Roskomnadzor provided concrete figures: 5,400 incidents compared to 3,500 during the same period in 2024.
Rising Attack Volume: Statistics and Primary Targets
According to data from Curator and Servicepipe, the number of DDoS attacks in Russia rose by more than 60% in the first half of 2025 compared to the same period in 2024.
Roskomnadzor cites exact numbers — 5,400 attacks in the first six months of 2025 versus 3,500 a year earlier. Attacks are becoming not only more frequent but also more complex in structure.
Primary Targets
| Sector | Share of Attacks (%) |
|---|---|
| Financial Services | 22.3% |
| IT and Telecom | 21% |
| E-commerce | 20.9% |
| Betting Platforms | Peak attack intensity: 965 Gbps |
Traffic Origins and Threat Sources
A majority of the attacks — 65% — originate from outside Russia, primarily from:
- Indonesia
- United States
- Germany
- Netherlands
The remaining 35% come from infected devices located within Russia.
Attackers are increasingly using obfuscation techniques such as IP spoofing, vulnerable servers for amplification, and multivector tactics, making detection and defense significantly more difficult.
Hacker Motivation and Offshore Competitor Involvement
According to a spokesperson from Fonbet, most attacks targeting legal betting companies are linked to unregulated offshore operators trying to attract users ahead of major sporting events.
These attacks are often used as a smokescreen for more targeted cyber intrusions, especially at the application layer.
While some attacks may carry political motivations, experts at BI.ZONE note that competition from “gray market” operators is the dominant factor affecting the betting sector.
Modern DDoS Attack Patterns and Tactics
In 2025, the average duration of DDoS attacks decreased from 120 minutes to just 23 minutes, but their sophistication and impact have significantly increased.
Key characteristics include:
- Attack intensity: Up to 965 Gbps (notably in the betting sector)
- Layer-specific growth:
- L3–L4 layer attacks increased by 58%
- L7 layer attacks increased by 62.6%
- Multivector attacks: up 43%
- Attack volume: higher packets-per-second rates
Attackers often adjust strategies on the fly — starting with infrastructure-level (L3–L4) attacks, shifting to multivector attacks, and finally targeting weaker points in application infrastructure.
Industry Response and Potential Countermeasures
Sources indicate that criminal liability for DDoS attacks is under consideration and may be added to Russia’s Criminal Code.
The betting industry continues to suffer substantial financial losses, particularly during high-traffic periods around major tournaments and events.
Conclusion
DDoS attacks in 2025 have not only become more frequent but also more advanced. Offshore and “gray market” operators remain the primary sources of malicious traffic, with legal betting platforms bearing the brunt of these attacks.
The industry must seek new technological and legal solutions to minimize damage and curb malicious activity.