China
The DDoS threat landscape is constantly evolving, and to stay ahead of adversaries, ongoing monitoring and analysis are essential to detect how they are modifying their behavior and targets. NETSCOUT monitors the global threat landscape and drills into regional and country-level statistics to ensure that adversaries inform us of near-real-time trends. The country-level analytics featured on this page are automatically generated using our global threat analysis and collection platform, ATLAS, and provide a range of benchmarks for the specified time period, such as the top vectors used in DDoS attacks, top targeted industries, most vectors used in an attack, and total attack frequency.
Max Multivector Attack
Max number of vectors seen in a single attack
19
Attack Vectors Used
1. CLDAP Amplification
2. DNS Amplification
3. L2TP Amplification
4. MS SQL RS Amplification
5. NTP Amplification
6. NetBIOS Amplification
7. RIPv1 Amplification
8. SNMP Amplification
9. SSDP Amplification
10. TCP ACK
11. TCP RST
12. TCP SYN
13. UDP
14. chargen Amplification
15. mDNS Amplification
16. memcached Amplification
17. rpcbind Amplification
Top Attack Vectors
Ts
TCP SYN
Number of Attacks
52,427
Dn
DNS Amplification
Number of Attacks
16,592
Ta
TCP ACK
Number of Attacks
10,161
Ds
DNS
Number of Attacks
4,721
Tr
TCP RST
Number of Attacks
3,687
Top Four Industries Under Attack
The following table lists the top vertical industries under attack from July 2025 to December 2025 by number of attacks.
| Rank | Vertical | Frequency | Average Duration |
|---|---|---|---|
| 1 |
Wired Telecommunications Carriers
|
42,573 | 24 Minutes |
| 2 |
Computing Infrastructure Providers Data Processing Web Hosting and Related Services
|
24,710 | 35 Minutes |
| 3 |
Wireless Telecommunications Carriers (except Satellite)
|
11,864 | 37 Minutes |
| 4 |
Book Retailers and News Dealers
|
1,484 | 22 Minutes |