10:59, 31 March 2026

DDoS Attacks on Russian Companies Rise 11% in 2025

In 2025, the number of DDoS attacks targeting Russian enterprises increased by 11% to reach 665,300. On average, each organization faced 931 attacks.

According to Solar Group (Solar), the highest hacker activity was recorded in March, May and September, with peak attack capacity reaching 11 Tbps. Telecom, IT, financial, industrial and government entities are increasingly targeted. DDoS has become a persistent layer of background risk across Russia’s digital economy.

The data reflects not only a rise in attack volume but also a shift in tactics. Attackers are conserving resources for politically and infrastructure-critical moments, while DDoS is increasingly embedded within broader, multi-stage intrusions. Standalone anti-DDoS services are no longer sufficient without web application protection and continuous monitoring.

Solar’s findings point to growing demand for Russian cybersecurity services and cloud-based protection models. This supports continued investment in telecom security, traffic filtering and anti-DDoS platforms.

Analyzing attack patterns is expected to improve the stability of government services, banking platforms and communications networks during peak loads, reducing the risk of large-scale disruptions. The ability to withstand attacks also signals the maturity of Russia’s cybersecurity market. The resilience of the digital economy is increasingly tied to domestic cybersecurity capabilities.

Globally, the data aligns with a broader trend: DDoS attacks are being used more frequently and at greater scale as a tool to pressure government services. The Russian case reflects a wider shift toward more aggressive forms of cyber conflict.

Cyber Resilience as a Federal Priority

In the near term, demand for comprehensive online perimeter protection is expected to grow. The market will expand not only in anti-DDoS but also in adjacent segments such as WAF, API protection, SOC/MDR and anti-bot systems. Telecom, IT, banking, government, industrial, logistics and energy sectors are leading this shift. Regions are becoming increasingly attractive targets for attackers, making cyber resilience a nationwide priority rather than a localized concern.

Export potential for this expertise remains limited, with opportunities mainly in CIS countries and parts of the Global South, where demand exists for service expertise, workforce training and secure infrastructure models. The most realistic scenario is the expansion of Russian cybersecurity capabilities into friendly jurisdictions through consulting, joint projects with telecom operators and training programs, rather than global product expansion.

From Incidents to System-Level Policy

A turning point in cyber pressure on Russian digital platforms can be traced to the large-scale DDoS attack on Gosuslugi (public services portal) in 2022. Calls to target the platform and e-government infrastructure circulated in Ukraine, and peak load reached 340,000 requests per second.

Attacks have not subsided but have evolved into a new phase. In 2024, 508,000 DDoS attacks were recorded against Russian organizations – nearly double the 2023 figure. By the end of 2024, attack capacity had also increased, with peaks reaching 1,317 Gbps. Financial institutions, IT companies, government entities and telecom operators were the most targeted sectors.

In the first half of 2024, the total number of DDoS attacks reached 355,000 – 16% higher than the full-year total for 2023. Peak attack power increased nearly sevenfold to 1.2 Tbps. Attacks on energy companies rose 19-fold. The market faced sustained high pressure. The issue has moved beyond isolated cybersecurity incidents into the realm of systemic public policy. In the first half of 2024 alone, the national communications network monitoring center mitigated 512 major DDoS attacks, compared with 185 for all of 2023.

Russian data also fits into a broader global pattern. According to Cloudflare, more than 420 attacks exceeding 1 Tbps were recorded in the fourth quarter of 2024, up 1,885% from the previous quarter. Over the full year, Cloudflare blocked 21.3 million DDoS attacks – a 53% increase year over year.

Sovereignty and Stability at Stake

Solar’s report highlights a clear convergence of DDoS, web-based attacks and coordinated pressure on critical services during sensitive periods. In Russia, DDoS has moved beyond background noise and is now a marker of digital economy maturity.

In 2026, the market is expected to continue shifting toward integrated protection models. Anti-DDoS will increasingly be bundled with WAF, anti-bot, API protection, SOC/MDR and threat analytics. Customers will prioritize not only the ability to mitigate attacks but also to maintain service availability without degrading user experience.

For Russia as a whole and for businesses in particular, the effectiveness of domestic anti-DDoS infrastructure remains a matter of sovereignty, stability and operational continuity. While large-scale global export is unlikely, expertise can be deployed in CIS and other friendly markets.

Burst attacks are becoming a primary tool in the attacker’s arsenal. In many cases, response time is measured in seconds, not minutes. For example, we have detected bursts lasting 45 seconds, while many systems only register attacks after a minute or more. Moreover, the attack itself may last seconds, but servers need significantly more time to recover resources. That means a 45-second attack can result in minutes of service recovery.
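The timing gap described in the quote above can be reproduced with a small model. This is an added example, not code or data from Solar or the original article. The traffic series, alert threshold, backend capacity and the no-drop queue model are all constructed assumptions.

```python
# Constructed per-second request counts (not measured data): 1,000 rps baseline
# with a 45-second burst of 20,000 rps starting at t=120.
BASELINE, BURST_RPS, BURST_START, BURST_LEN = 1_000, 20_000, 120, 45
SERIES = [BURST_RPS if BURST_START <= t < BURST_START + BURST_LEN else BASELINE
          for t in range(600)]
THRESHOLD = 5 * BASELINE   # assumed alert threshold
CAPACITY = 5_000           # assumed requests/second the backend can serve


def first_alert(series, window, step, threshold):
    """Second at which a mean-over-window detector first fires, or None.

    The detector averages the last `window` samples every `step` seconds.
    """
    for end in range(window, len(series) + 1, step):
        if sum(series[end - window:end]) / window > threshold:
            return end
    return None


def backlog_cleared_at(series, capacity):
    """Second at which the queue built up during overload is empty again.

    Simplified model: excess requests are queued, never dropped.
    """
    backlog, overloaded = 0, False
    for t, rps in enumerate(series):
        backlog = max(0, backlog + rps - capacity)
        if backlog > 0:
            overloaded = True
        elif overloaded:
            return t + 1
    return None


if __name__ == "__main__":
    burst_end = BURST_START + BURST_LEN
    for name, window, step in (("60 s buckets", 60, 60), ("5 s sliding", 5, 1)):
        fired = first_alert(SERIES, window, step, THRESHOLD)
        print(f"{name}: alert at t={fired}s, {fired - BURST_START}s after "
              f"burst start (burst ended at t={burst_end}s)")
    cleared = backlog_cleared_at(SERIES, CAPACITY)
    print(f"backlog cleared at t={cleared}s, "
          f"{cleared - burst_end}s after the burst ended")
```

With these constructed values the minute-bucket detector fires only after the burst has already ended, while the 5-second window fires two seconds in. The queue still needs close to three minutes to drain.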