A new hacktivist group known as DieNet has claimed responsibility for more than 60 distributed denial-of-service [DDoS] attacks in just two months, including its most high-profile target to date: a global disruption of X.
According to cybersecurity intelligence from NETSCOUT, DieNet announced its emergence on March 7, 2025, via a now-banned Telegram channel. Since then, the group has aggressively targeted critical infrastructure across the transportation, energy, healthcare, and e-commerce sectors.
Operating through DDoS-as-a-service platforms shared with other known actors like OverFlame and DenBots Proof DieNet has mounted ideologically motivated attacks on entities in the U.S., Iraq, Israel, Sweden, and Egypt. Although the tangible impact of many attacks remains unverified, the sheer volume and global reach signal an alarming trend.
“DieNet’s tactics show just how easily bad actors can weaponise rented infrastructure to launch coordinated, high-frequency attacks,” says Bryan Hamman, regional director for Africa at NETSCOUT. “This should be a wake-up call for Africa, where telecom, government, and financial sectors are increasingly under threat.”
DieNet has also gained notoriety through its association with other threat groups like Mr. Hamza, Sylhet Gang-SG, and LazaGrad Hack. Its attack vectors include TCP RST, DNS amplification, TCP SYN floods, and NTP amplification, with techniques varying by target.
Despite the scale of its claims, NETSCOUT’s threat analysis finds no evidence of DieNet operating a proprietary botnet. Instead, the group appears to be leveraging shared tools from a growing DDoS-as-a-service ecosystem highlighting the increasing ease with which even low-resourced actors can disrupt services worldwide.
“The playbook for cyberattacks is no longer limited to elite hackers,” Hamman adds. “Real-time visibility, early threat detection, and proactive mitigation strategies are now essential not optional for any organisation looking to defend against modern cyber threats.”
