NETSCOUT: Threat Actors Harness AI to Amplify DDoS Attacks

Distributed Denial-of-Service (DDoS) attacks are a form of cyberattack that overwhelms a targeted system, such as a website or network, with a surge of internet traffic, making it inaccessible to legitimate users.

These attacks have been a long-standing threat in the digital world.

New research from NETSCOUT indicates that the threat has not only persisted but has also evolved.

In NETSCOUT's 1H2025 DDoS Threat Intelligence Report, it was found that DDoS attacks continue to dominate the cybersecurity landscape, fuelled by AI, empowered hacktivists and nation-state actors who consistently weaponise these methods to undermine critical infrastructure globally.

What are hacktivists?

Hacktivists are individuals or groups who gain unauthorised access to computer systems to promote social or political objectives.

Unlike traditional cybercriminals who are motivated by financial gain, hacktivists aim to raise awareness, protest perceived injustices or urge social change.

Their tactics often include disrupting services through DDoS attacks, defacing websites, leaking sensitive data or hijacking social media accounts.

Their activities blur the line between activism and cybercrime, positioning them as significant entities in the current digital environment.

NoName057(16) is a well-known hacktivist group recognised for executing large-scale, coordinated DDoS attacks, mainly targeting governments and critical sectors.

In 2025, the group claimed responsibility for over 475 attacks in March alone, significantly outpacing the activity of other similar groups.

The severity of DDoS attacks

DDoS attacks have transformed from simple cybercrime tactics into precise and strategic digital weapons.

In the first half of 2025 alone, NETSCOUT recorded more than 8 million DDoS attacks globally, with more than 3.2 million in the EMEA region alone.

These numbers highlight the enduring presence of DDoS as a method of attack, but they only hint at the underlying changes taking place.

One of the major changes is in the scale and sophistication of the attacks.

NETSCOUT recorded more than 50 attacks exceeding a terabit per second (Tbps), including a record-breaking 3.12Tbps attack in the Netherlands.

This level of digital onslaught is now paired with technical complexity.

Multi-vector attacks, carpet-bombing tactics and AI-powered automation render traditional defences increasingly inadequate.

“As hacktivist groups leverage more automation, shared infrastructure and evolving tactics, organisations must recognise that traditional defences are no longer sufficient,” says Richard Hummel, NETSCOUT’s Director of Threat Intelligence. 

“The integration of AI assistants and the use of LLMs, such as WormGPT and FraudGPT, escalates that concern. 

“And, while the recent takedown of NoName057(16) was successful in temporarily reducing the group’s DDoS botnet activities, preventing a future return to the top DDoS hacktivist threat is not guaranteed. 

“Organisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today.”

Democratising DDoS

Previously, launching a DDoS attack demanded technical expertise, but the emergence of DDoS-for-hire services has democratised access, empowering a broader array of threat actors.

Even inexperienced attackers can now launch impactful campaigns, while experienced entities deploy botnets comprising tens of thousands of compromised IoT devices, servers and routers.

This democratisation has made DDoS a cost-effective tool for hacktivists and geopolitical actors.

During the 2025 India-Pakistan and Iran-Israel conflicts, coordinated DDoS attacks severely disrupted government and financial sectors, showcasing DDoS's strategic use in modern cyberwarfare.

In June alone, more than 15,000 attacks targeted Iran, with nearly 300 affecting Israel.

AI: Supercharging attackers

While DDoS-as-a-service lowers the entry threshold, AI is amplifying the impact.

Cybercriminals are increasingly employing large language models like WormGPT and FraudGPT to generate scripts, automate reconnaissance and devise new offensive strategies.

AI-enhanced automation enables the scaling of attacks, evading detection and adapting to evolving network defences in real time.

NETSCOUT’s message

The message from NETSCOUT’s findings is clear: DDoS is not going away and traditional defences are insufficient.

Attackers innovate faster than defenders adapt. Only intelligence-driven, adaptive protection stands a chance against today’s industrial-scale, AI-driven DDoS campaigns.

For organisations and service providers, this necessitates investing in cutting-edge threat intelligence, deep-packet inspection and automated response mechanisms capable of matching attacker speed and sophistication.

With global traffic surpassing 800Tbps and an increasing number of threat actors, defending the digital landscape is becoming the central security challenge of our era.