DDoS Attacks Surge 241% Targeting Civil Society Online

Cloudflare commemorates the 11th anniversary of Project Galileo, its flagship initiative providing free cybersecurity protection to at-risk public-interest organisations worldwide. Since its launch in June 2014, the programme has defended journalists, human rights groups, independent media, environmental activists, and others working on the frontlines of democracy, civil society, and environmental justice.
Highlights of Project Galileo’s Eleventh Year:
- An interactive Cloudflare Radar report offering insights into the cyber threats faced by at-risk public interest organisations protected under the initiative.
- An expanded commitment to digital rights in the Asia-Pacific region with the addition of two new Project Galileo partners.
- New stories from organisations protected by Project Galileo, working on the frontlines of civil society, human rights, and journalism around the world.
Tracking and reporting on cyberattacks with the Project Galileo 11th Anniversary Radar Report
To mark Project Galileo’s 11th anniversary, Cloudflare has published a new Radar report sharing data on cyberattacks targeting organisations under the programme’s protection. The report offers insights into the types of threats these groups face, aiming to better support researchers, civil society, and vulnerable communities by promoting effective cybersecurity practices. Key findings include:
A rising trend in DDoS attacks against these organisations, now more common than attempts to exploit conventional web application vulnerabilities.
Between 1 May 2024 and 31 March 2025, Cloudflare blocked 108.9 billion cyber threats targeting organisations protected by Project Galileo — an average of nearly 325.2 million cyberattacks per day over the 11-month period, representing a 241% increase compared to the 2024 Radar report.
Journalists and news organisations experienced the highest volume of attacks, with over 97 billion requests blocked across 315 organisations. The peak in attack traffic was recorded on 28 September 2024. The Human Rights/Civil Society Organisations category ranked second, with 8.9 billion requests blocked, peaking on 8 October 2024.
Cloudflare onboarded the Belarusian Investigative Center — an independent journalism organisation — on 27 September 2024, while it was already under attack. A major application-layer DDoS attack followed on 28 September, generating over 28 billion requests in a single day.
Many of the targeted entities were investigative journalism outlets operating in regions under government pressure (such as Russia and Belarus), along with NGOs focused on combating racism and extremism, and advocating for workers’ rights.
Tech4Peace, a human rights organisation focused on digital rights, faced a sustained 12-day attack beginning on 10 March 2025, which delivered over 2.7 billion requests. The attack involved prolonged, lower-intensity activity punctuated by short, high-intensity bursts — a deliberate variation in tactics suggesting a coordinated and adaptive strategy from attackers.