• Netscout has just published its Threat Intelligence Report for the first half of 2025
• It finds that telcos are significant targets of threat actors’ efforts, facing an onslaught of DDoS attacks
• Traditional defences are no longer enough as criminals make use of AI

Cyberattacks, data breaches and other security incidents have become the bane of telcos’ lives in the past few years. Recent egregious examples include the cybersecurity breach at SK Telecom, which continues to suffer the repercussions on its business to this day. 

It will come as no surprise that telecoms carriers are also significant targets for distributed denial of service (DDoS) attacks, according to a new report from Netscout Systems, which it should be pointed out is a provider of solutions that aim to protect companies against such attacks.

A DDoS attack is defined as an attempt to exhaust the resources available to a network, application or service so that genuine users cannot gain access. In other words, they are designed to force a website, computer or online service offline by flooding the target with so many requests that they are unable to respond.

According to Netscout, service providers have found themselves the main target of DDoS attacks as threat actors use them as a tool to drive geopolitical cyber warfare. It notes that cybercriminals take aim at telcos “due to their vital role in facilitating communication – both across critical infrastructure services and everyday connectivity among customers”.

Telcos a key target

Netscout monitored more than 8 million DDoS attacks globally in the first half of 2025, including more than 3.2 million in Europe, the Middle East and Africa (EMEA). It said it monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.

Without mincing its words, Netscout warns that DDoS attacks have evolved into “precision-guided weapons of geopolitical influence capable of destabilising critical infrastructure”, adding that ‘hacktivist’ groups like NoName057(16) orchestrated hundreds of coordinated strikes each month, targeting the communications, transportation, energy and defence sectors. 

“By targeting telecoms providers, cybercriminals can target a key facilitator of countless critical services – especially as organisations spanning all industries rely on constant connectivity,” Netscout observed. 

A glance at the regional highlights lays bare the threat to telcos. In EMEA, wireless network operators ranked as the most targeted vertical industry in the first half of 2025, followed by wired (fixed line) operators. Worryingly, the number of attacks on wireless carriers surged in the region compared to the previous year, rising to over 1.21 million from 529,185, as the chart below shows.
 

A similar trend was evident in Asia Pacific and Latin America. In North America, fixed-line operators were the most targeted vertical industry, with wireless operators in fifth place.  

At a country level, the 10 markets where wireless operators have been most under attack are Poland, Japan, Brazil, South Africa, Oman, Malaysia, India, Cyrus, Republic of Korea and Morocco. In terms of fixed-line operators, the US was top, followed by Canada, Saudi Arabia, Poland, Republic of Korea, Romania, India, France, China and the UK. 

Richard Hummel, director of threat intelligence at Netscout, warned that organisations must recognise that traditional defences are no longer sufficient as hacktivist groups leverage more automation, shared infrastructure and evolving tactics.

As he points out, criminals are also making far more use of artificial intelligence to refine their strategies, with the integration of AI assistants and the use of large language models (LLMs), such as WormGPT and FraudGPT.

“Organisations need intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today,” pitched Hummel.

Efforts by law enforcement groups to target hacktivist groups can be successful, as illustrated by the recent takedown of NoName057(16). However, preventing its future return to the top DDoS hacktivist threat is not guaranteed, said Hummel. He remarked that organisations need “intelligence-driven, proven DDoS defences that can deal with the sophisticated attacks we see today”.

Meanwhile, other vendors have been introducing greater DDoS protection levels for telcos and others. For example, Nokia offers the Deepfield DDoS Defender product for network security and has expanded its protection measures. In 2024, it noted that DDoS attacks had become more frequent, sophisticated and potent over the previous two years with some operators registering over 100 attacks daily.

In July, UK-based Neos Networks launched advanced DDoS Mitigation as an integrated feature of its Dedicated Internet Access (DIA) service.

- Anne Morris, Contributing Editor, TelecomTV