Persistent Hacktivist Activity and AI Integration Drive EMEA DDoS Activity

The second half of 2025 saw Europe, the Middle East, and Africa (EMEA) under siege from persistent hacktivist groups. Threat actors such as Keymous+ and NoName057(16) maintained activity across the area, despite coordinated law enforcement operations designed to take down these groups.

According to NETSCOUT’s latest DDoS Threat Intelligence Report, over 8 million attacks were recorded globally, with 3,331,570 targeting EMEA, nearly twice as many as the next most heavily targeted region. Looking at the region in greater detail, additional findings from NETSCOUT’s report revealed:

—  The top five targeted countries in EMEA were: Germany, Poland, Russia, Saudi Arabia, and South Africa
—  Keymous+ conducted 249 DDoS attacks between February and September 2025. India, Sudan, Saudi Arabia, France and Morocco were among the nations most affected
—  Wireless telecommunications carriers retained their position as the most frequently targeted industry by threat actors, as the attack count rose to 1.3 million, around an eight per cent increase from the previous six months
—  Only 50 per cent of EMEA attacks in this time period contained a single vector, signifying the escalation in attack complexity as multi-vector tools become more frequently employed by adversaries

Richard Hummel, director of threat intelligence at NETSCOUT, discusses how hacktivist groups and the democratisation of cyberattacks are driving attack activity in EMEA:

“During the second half of 2025, pro-Russian hacktivist groups such as NoName057(16) and Keymous+ conducted sustained and coordinated DDoS campaigns, disrupting online services across organisations in the EMEA region. These attacks coincided with holiday traffic in Western and NATO-aligned countries, and primarily targeted the government, financial services and telecommunications sectors, reinforcing these groups’ stance against nations they deem to be acting in opposition to Russia. The DDoS attack on France’s national post office in December was a prime example of how European allies of Ukraine have become systematically targeted by hacktivists.

“Further to this, AI integration into DDoS-for-hire services has been a major catalyst in democratising DDoS attacks in the region. The entry barriers for unskilled and novice actors continue to be demolished as conversational AI and illicit LLM tools are incorporated into the attack development process. By using simple language prompts, novice actors can launch sophisticated, multi-vector campaigns, with malicious LLMs like KawaiiGPT offering these services for free.

“In response, enterprises across EMEA need to maintain increased vigilance. This necessitates organisations investing in automated detection and mitigation software and having access to the most up-to-date threat intelligence to safeguard themselves and combat against evolving, persistent DDoS threats.”