DieNet, a newly emerged hacktivist group, has claimed responsibility for more than 60 distributed denial-of-service (DDoS) attacks in just two months, including its most recent and widely reported action: the global disruption of X (formerly Twitter).

According to NETSCOUT, the DieNet group announced itself on 7 March 2025, via a now-banned Telegram channel, and its targets span transportation, energy, medical systems and digital commerce.

DieNet has leveraged DDoS-as-a-service infrastructure, commonly shared with other groups such as OverFlame and DenBots Proof, to launch ideologically driven attacks against the US, Iraq, Israel, Sweden, and Egypt to date. And, although the group claims some success, it is often difficult to validate whether the attacks have had any impact on the targets. 

“However, their scale and frequency – often allegedly averaging one attack per day – expose the ease with which new actors can exploit widely accessible rented infrastructure to launch their own DDoS campaigns,” says Bryan Hamman, regional director: Africa at NETSCOUT, “and this is something that should raise concern across Africa.” 

“Local organisations are increasingly being targeted by DDoS and other cyberattacks, particularly in sectors like telecoms, government and financial services. The rapid mobilisation and global scale of groups like DieNet highlight just how easily bad actors can take advantage of available tools to disrupt services on any continent, including ours.”

Since its emergence earlier this year, DieNet has gained visibility through other known active threat actor organisations, such as Mr. Hamza, Sylhet Gang-SG and LazaGrad Hack. Its attack methods are characterised by a mixture of vectors such as TCP RST, DNS amplification, TCP Syn and NTP amplification. The chosen vectors and attack patterns vary between targets.

Despite DieNet’s claims, NETSCOUT’s analysis reveals no evidence of a proprietary botnet. Instead, the group appears to rely on the same attack infrastructure used by other threat actors, reinforcing the risk posed by DDoS-as-a-service ecosystems.

The tactics used by DieNet demonstrate how easily malicious actors can launch attacks using widely accessible platforms, without needing large-scale technical infrastructure, comments Hamman.

“What’s clear is that organisations in Africa can no longer afford a reactive approach,” he adds. “Early detection, real-time visibility and proactive mitigation are critical to staying one step ahead of cyber criminals.”