IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hacktivism and DDOS Attacks Rise Dramatically in 2022

2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?

Digital graph showing upward trend line.
According to the first half of the 2022 H1 Global Threat Analysis Report released by Radware this past week, cyber attacks have grown and evolved as a result of the Russian invasion of Ukraine. Here are two of the main findings:

DDoS attacks rise dramatically - The first six months of 2022 were marked by a significant increase in DDoS activity across the globe. Attacks ranged from cases of hacktivism to terabit attacks in Asia and the United States.

  • The number of malicious DDoS attacks climbed 203% compared to the first six months of 2021.
  • There were 60% more malicious DDoS events during the first six months of 2022 than during the entire year of 2021.
  • In May 2022, Radware mitigated a volumetric carpet-bombing attack, which represented a total volume of 2.9 PB. The attack lasted 36 hours, peaking at 1.5 Tbps with a sustained attack rate of more than 700 Gbps for more than eight hours. The combination of duration, volume, and average/sustained attack rates makes this one of the most significant DDoS attacks on record.
Patriotic hacktivism surges - During the first half of 2022, patriotic hacktivism increased dramatically.
  • Both established and newly formed pro-Ukrainian and pro-Russian cyber legions aimed to disrupt and create chaos by stealing and leaking information, defacements, and denial-of-service attacks.
  • DragonForce Malaysia, a hacktivist operation targeting Middle Eastern organizations in 2021, made a return in 2022. Its recent campaigns were political responses to national events. OpsBedil Reloaded occurred following events in Israel, and OpsPatuk was launched in reaction to public comments made by a high-profile political figure in India.
  • Major information and communication networks in the Philippines, including CNN, news network ABS-CBN, Rappler, and VERA Files, were the target of DDoS attacks in connection with the country’s 2022 general elections.


In case you think this is only one vendor reporting these dramatic rises in DDoS attacks, take a look at this article from The Register titled “Google blocks third record-breaking DDoS attack in as many months”: “Google says it has blocked the largest ever HTTPS-based distributed-denial-of-service (DDoS) attack in June, which peaked at 46 million requests per second.

“To put things in perspective, this is about 76 percent larger than the previous record DDoS attack that Cloudflare thwarted earlier that same month.

“As Googlers Emil Kiner and Satya Konduru explain: ‘That is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.’”

In addition, a Lumen press release just came out earlier this month which revealed “Lumen stops 1.06 Tbps DDoS attack in the company’s largest mitigation to date”: “Size was not the only notable element of the failed attack; it was also part of a larger campaign in which the threat actor attempted to leverage multiple techniques. These techniques are called out in the report as emerging trends in the second quarter.”

One more. Consider this Politico report which describes how the president’s office in Taiwan was hit with an attack ahead of Nancy Pelosi’s visit there on Aug. 2: “The attack took place hours ahead of House Speaker Nancy Pelosi’s visit to Taiwan. The Chinese government threatened to take action to respond to the trip, and Taiwan is reportedly readying air raid shelters in anticipation of a potential Chinese attack. …

“Taiwan Presidential Office spokesperson Chang Tun-Han confirmed the DDoS attack on the office in a post on Facebook, noting that the DDoS attack consisted of 200 times more traffic to the website than normal, and it was carried out by a group from outside Taiwan.”


I first started seeing this hacktivism theme emerge as a growing serious issue in 2016. In this article, I described how hacktivism has become a mainstream force impacting millions of lives globally. “Hacking for a cause” has now become a weapon that transcends far beyond “antisocial geek misfit” boundaries. From the Democratic National Committee (DNC) email hack to the Panama Papers, a surge in new hacktivism is now the top anti-establishment online tool for achieving a diverse set of causes around the globe.

The same topic was picked up the next year by TechCrunch. As they wrote, “Regardless of whether you can relate to any of these cyber analogies, hacking for a cause is set to explode into a complex set of state and local government challenges.

“It certainly appears that we have now entered a new period where ‘hackers with a cause’ will shape the global dialog on everything from international relations to financial reporting to local politics in the same ways that protesters shaped such topics as civil rights and climate change in the past.

“In a sentence: Hacktivism is becoming the new, digital ‘March on Washington, D.C.’”

Earlier this year, I wrote this piece on how “Hacktivism Against States Grows After Overturn of Roe v. Wade.”

In another article on the same topic, Stateline covered these trends in even more detail in an article titled “Abortion Rights Hacktivists Strike States with Bans”: “An abortion rights hacktivist group says it launched cyberattacks against Arkansas and Kentucky state governments and leaked files from their servers to protest their bans on abortion after the U.S. Supreme Court’s recent decision to overturn Roe v. Wade.

“The group, which calls itself SiegedSec, said it hacked the two states because it was angry about their bans.

“‘THE ATTACKS WILL CONTINUE!’ the group posted on a Telegram channel. ‘Our main targets are any pro-life entities, including government servers of the states with anti-abortion laws.’”


As with many trends in the cybersecurity world, I believe this will only accelerate in the months and years ahead.

State and local governments need to take this trend seriously and take steps to be prepared for more likely DDoS attacks and hacktivism to occur from a wide variety of disparate sources.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.