DieNet, a newly emerged hacktivist group, has claimed responsibility for more than 60 distributed denial-of-service (DDoS) attacks in just two months, including its most recent and widely reported action: the global disruption of X (formerly Twitter).
According toNETSCOUT, a leading provider of enterprise performance management, carrier service assurance, cybersecurity and DDoS protection solutions, the DieNet group announced itself on March 7, 2025, via a now-banned Telegram channel, and its targets span transportation, energy, medical systems and digital commerce.
DieNet has leveraged DDoS-as-a-service infrastructure, commonly shared with other groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against the US, Iraq, Israel, Sweden, and Egypt to date.
And, although the group claims some success, it is often difficult to validate whether the attacks have had any impact on the targets.
“However, their scale and frequency – often allegedly averaging one attack per day – expose the ease with which new actors can exploit widely accessible rented infrastructure to launch their own DDoS campaigns,” says regional director for Africa at NETSCOUT Bryan Hamman, “and this is something that should raise concern across Africa.
“Local organisations are increasingly being targeted by DDoS and other cyberattacks, particularly in sectors like telecoms, government and financial services.”
“The rapid mobilisation and global scale of groups like DieNet highlight just how easily bad actors can take advantage of available tools to disrupt services on any continent, including ours.”
Since its emergence earlier this year, DieNet has gained visibility through other known active threat actor organisations, such as Mr. Hamza, Sylhet Gang-SG and LazaGrad Hack.
The attack methods are characterised by a mixture of vectors such as TCP RST, DNS amplification, TCP Syn and NTP amplification. The chosen vectors and attack patterns vary between targets.
Despite DieNet’s claims, NETSCOUT’s analysis reveals no evidence of a proprietary botnet. Instead, the group appears to rely on the same attack infrastructure used by other threat actors, reinforcing the risk posed by DDoS-as-a-service ecosystems.
The tactics used by DieNet demonstrate how easily malicious actors can launch attacks using widely accessible platforms, without needing large-scale technical infrastructure, comments Hamman.
“What’s clear is that organisations in Africa can no longer afford a reactive approach,” adds Hamman. “Early detection, real-time visibility and proactive mitigation are critical to staying one step ahead of cyber criminals.”
For more information about NETSCOUT’s cybersecurity and DDoS protection solutions visit here.
