Intense DDoS Attack Activity by RED Security: Over 3,900 Incidents Reported in the Initial Half of the Year
The Far East Federal District of Russia has witnessed a surge in Distributed Denial of Service (DDoS) attacks, primarily targeting critical information infrastructure (CII), according to recent reports. This trend aligns with the broader national trends of intensified cyber threats that have emerged since 2022.
Mikhail Gorshilin, head of the managed security services department at RED Security Company, has emphasized the importance of technical protection measures in controlling the risks posed by DDoS attacks. He has also highlighted that these attacks have transitioned into a tool not only for political but also for economic pressure.
The increase in DDoS attacks can be attributed to several factors. The growing dependence on digital infrastructure in critical sectors like healthcare, government, and industry makes them frequent targets, aiming to disrupt essential services and business continuity. Moreover, the evolution of Russian cyber capabilities, demonstrated in earlier conflicts such as in Georgia (2008) and Ukraine, has shown a persistent use of cyberattacks, including DDoS, as part of hybrid warfare strategies.
Weak cybersecurity defenses in many organizations within Russia exacerbate the susceptibility to DDoS and other intrusions. Roskomnadzor reported that 90% of organizations lack adequate protection against external cyberattacks.
In 2024, there was a steep rise in highly critical cyberattacks, increasing by 66%, with about 70% aimed at CII. The attacks have become increasingly sophisticated, with volumetric DDoS to overwhelm traffic channels and more advanced intrusion techniques like SQL injections.
To combat these threats, regulatory updates are being implemented. Russia's FSTEC is imposing stricter data retention rules on CII entities, requiring them to store detailed attack logs for three years to facilitate attack analysis and attribution. Other measures include expanding data pipeline capacity in critical networks, developing comprehensive incident databases, and focusing on strengthening cybersecurity awareness and infrastructure resilience.
The Far East Federal District ranked fifth among Russia's federal districts in the number of DDoS attacks, accounting for 13.7% of the total attacks on regions. Approximately four thousand DDoS attacks were repelled in the district using the RED Security Anti-DDoS service. The district experienced a peak in hacker activity in May and June, with approximately 2,500 DDoS attacks recorded during these months.
Notably, the most powerful DDoS attack in the district reached 141 Gbps at its peak, while the longest DDoS attack lasted more than 20 hours, targeting resources of a telecommunications company located in Khabarovsk.
Analysts attribute the increase in hacker activity in the district to the increased availability of tools for conducting DDoS attacks and hacktivism. However, no major natural events, such as seismic events, have disrupted subsea communication cables in the region so far in 2025, ensuring stable data channels for defense and mitigation efforts.
Gorshilin's statement suggests that DDoS attacks are becoming a tool for economic extortion, with criminals demanding ransom from companies. The IT, telecommunications, and industrial sectors, as well as the public sector, were the main targets of cybercriminals in the first half of 2025 in the district. Hackers most frequently targeted the operation of web resources located in Vladivostok and Khabarovsk in the district.
As the cyber threat landscape continues to evolve, it is crucial for businesses and governments to remain vigilant and invest in robust cybersecurity measures to protect against these disruptive attacks.
Technology advances have contributed to the rise in DDoS attacks in the Far East Federal District, making critical infrastructure more vulnerable to cyberattacks. To mitigate these risks, Gorshilin advocates for the implementation of technical protection measures and improved cybersecurity due to DDoS attacks becoming not only political tools but economic extortion methods.
