StormWall Reveals India, China and US Faced Most DDoS Attacks in Q1 2025

India, China and the US were the top DDoS attacks targets in Q1 2025, with APAC facing over half of global attacks, according to new data from cybersecurity firm StormWall.

A new report from cybersecurity firm StormWall reveals that nearly half of all DDoS attacks in the first quarter of 2025 were aimed at China, India and the United States. Instead of focusing heavily on the usual targets, attackers are now directing more of their efforts toward infrastructure in the Asia-Pacific region.

According to StormWall’s analytics center, India topped the chart with 18.1% of the global DDoS traffic, followed by China at 16.2% and the US at 14.7%. Japan (12.3%) and Taiwan (10.2%) rounded out the top five. When it comes to industry-wise attacks, Telecommunications became the top target in APAC, with 136% year-over-year (YOY) growth.

Four of the five most targeted countries now sit in the APAC region, with 57% of all malicious requests focused there. This shows that attackers are moving their focus away from the usual targets in Europe and North America, at least for now. The reasons may be geopolitical, economic, or a combination of both.

“You can always count on US targets attracting a lot of attention,” said Ramil Khantimirov, founder of StormWall. It’s the world’s largest GDP and hackers are always going to target that, but we’ve never seen so much activity in APAC and so densely concentrated.”

According to StormWall’s report shared with Hackread.com ahead of publishing on Thursday, the main force behind these attacks is botnets. These networks of infected devices were responsible for nearly 70% of all DDoS traffic tracked by StormWall in the first quarter of 2025.

Botnets, often run by state-sponsored groups, hacktivists, or organized cyber criminals, allow attackers to direct massive traffic at targeted systems. One such botnet identified in the report, named “Eleven11bot,” used a network of 86,000 compromised IP cameras and DVRs. It was frequently used in politically motivated campaigns.

While APAC faced an increase in DDoS attacks, other regions haven’t been spared. Belgium, though much smaller, experienced significant attacks, with 9.7% of global DDoS activity aimed at its national digital infrastructure, including MyGov.be and the Walloon Parliament. Saudi Arabia was also hit hard, at 6.8%, largely due to pro-Palestinian attacks linked to ongoing regional tensions.

Countries like Italy, Russia, and Switzerland appeared further down the list with lower attack volumes, but experts caution that even minor increases in activity can pose serious threats to unprepared networks.

StormWall’s data paints a picture of a fast-evolving threat environment, driven by automation, political motives, and shifting strategic interests. While botnet-powered campaigns grow in scale, the need for mitigation services is more important than ever.

However, separate research from NordPass shows that many industries still fall short on basic cybersecurity. In most cases, weak and easily guessed passwords like 123456 and passwords@, are still in use, making systems vulnerable to breaches and turning devices into part of larger botnets.