Cyberattacks on Civil Society Surge Worldwide as Journalists, Human Rights Groups Face Growing Digital Threats: Cloudflare Report

New Delhi: Civil society organizations across the world are facing an unprecedented wave of cyberattacks, with journalists, human rights defenders, environmental advocates and social welfare groups increasingly becoming prime targets of digital disruption campaigns, according to Cloudflare’s latest annual Project Galileo report.

The report paints a troubling picture of an evolving cyber threat landscape in which organizations working to promote transparency, democracy, human rights and independent journalism are being attacked more frequently and with greater intensity than other internet users. Cloudflare’s findings are based on data gathered from more than 3,400 protected organizations operating across 120 countries under Project Galileo, the company’s initiative that provides free cybersecurity services to vulnerable public-interest organizations.

DDoS Attacks Remain the Weapon of Choice

Distributed Denial-of-Service (DDoS) attacks emerged as the most prevalent threat, accounting for an overwhelming 81.7 percent of all malicious traffic directed at civil society organizations. During the reporting period, Cloudflare mitigated approximately 31.43 billion malicious DDoS requests targeting these groups.

What distinguishes attacks against civil society organizations is not necessarily their size, but their persistence. While most DDoS attacks across the internet end within minutes, the largest attacks targeting civil society groups often stretched over several days or even weeks.

One notable example involved Iraq-based digital rights organization Tech4Peace, which endured an eight-day cyberattack involving 2.6 billion malicious requests. The attack reportedly followed the publication of content debunking AI-generated misinformation involving a Syrian political figure.

Similarly, humanitarian organization Wahana Visi Indonesia suffered a three-day attack involving nearly 4.9 billion malicious requests, while the UK’s Refugee Council faced a prolonged attack lasting more than seven days. These incidents indicate that attackers are increasingly employing sustained campaigns designed to exhaust defenders and evade conventional security measures.

Independent Media in the Crosshairs

Among all sectors studied, media organizations faced the highest level of cyber aggression. Although journalism organizations represented only 22.7 percent of the groups protected under Project Galileo, they accounted for 40.5 percent of all website vulnerability attacks. On average, Cloudflare blocked a malicious request probing a media organization every seven seconds.

The report highlights how cyberattacks are increasingly being used to disrupt the dissemination of independent information.

Journalists operating in exile were particularly vulnerable. According to the report, malicious traffic targeting exiled media organizations was nearly four times higher than that directed at journalism organizations overall.

Cloudflare cited the case of Cuban independent media outlet elTOQUE, which experienced a major DDoS attack in December 2025 involving over 426 million malicious requests. The outlet believes the attack was linked to its popular currency-tracking platform that compares the Cuban peso against foreign currencies. During the same period, access to the website was reportedly blocked within Cuba.

Another prominent target was The Moscow Times, which operates in exile following restrictions imposed by Russian authorities. The publication faced a significant DDoS attack involving more than 123 million malicious requests in July 2025.

Website Vulnerability Exploitation on the Rise

Beyond denial-of-service attacks, cybercriminals increasingly attempted to exploit vulnerabilities in websites and online applications.

The report found that civil society organizations faced website vulnerability attacks at a rate more than seven times higher than other Cloudflare customers. These attacks typically target flaws in software, websites and databases to gain unauthorized access, steal sensitive information or disrupt operations.

Media organizations again emerged as the most heavily targeted category, facing an average of 4.5 million malicious probing attempts per organization during the study period. Common attack techniques included HTTP anomalies, SQL injection attempts and automated vulnerability scanners.

For journalists and activists, successful intrusions can have serious real-world consequences, potentially exposing confidential sources, whistleblowers, activists and staff members to surveillance, harassment or prosecution.

Phishing Attacks Becoming More Sophisticated

Email-based attacks remain a major concern.

Cloudflare analyzed approximately 29 million emails sent to civil society organizations and found that nearly 10 percent contained potential phishing content. In total, the company identified 2.8 million suspicious emails, including 1.2 million classified as highly malicious.

Alarmingly, nearly one-third of these malicious emails were able to bypass traditional authentication checks before being detected by more advanced security systems. This trend suggests that attackers are becoming increasingly adept at evading conventional cybersecurity defenses.

The most common phishing techniques included deceptive links, identity impersonation and brand spoofing. Frequently impersonated brands included Apple, DocuSign, Datadog, American Express and Intuit. Many attacks relied on newly registered domains, making detection more difficult.

The report also warns that artificial intelligence is likely to amplify the threat. AI tools can enable attackers to generate highly personalized phishing emails at scale, making social engineering campaigns more convincing and effective.

Internet Shutdowns Increasingly Used During Sensitive Events

The report also sheds light on a growing trend of government-linked internet disruptions.

Cloudflare detected 183 internet disruptions worldwide during the reporting period, of which 85 were attributed through public reporting to government action. These restrictions frequently coincided with elections, public protests, armed conflicts and student examinations.

In Uganda, authorities reportedly ordered restrictions on internet services ahead of a national election, resulting in a 95 percent drop in internet traffic within 30 minutes. Civil society groups argued that the shutdown hampered independent election monitoring, fundraising and public communication. The country’s economy was estimated to have lost approximately $16 million during the disruption.

Iran witnessed eight government-linked internet shutdowns during the study period. In one instance, internet traffic fell by nearly 90 percent before dropping almost completely to zero, effectively disconnecting the country from the global internet. Civil society groups reported that the restrictions hindered efforts to document protests and alleged abuses.

Democracy’s Digital Defenders Under Pressure

Cloudflare argues that civil society organizations occupy a unique position in the digital ecosystem. Unlike many businesses that primarily face financially motivated cybercrime, these groups are often targeted because of the public-interest work they perform.

The report concludes that cyberattacks frequently coincide with critical moments such as investigative reporting, advocacy campaigns, elections and major public events—suggesting deliberate efforts to suppress information and disrupt civic engagement.

As artificial intelligence accelerates both offensive and defensive cyber capabilities, Cloudflare calls for broader access to cybersecurity services, greater transparency around cyberattacks and internet shutdowns, and wider deployment of advanced AI-powered security tools for vulnerable organizations.

For journalists, activists and civil society groups working on the frontlines of democracy and accountability, the report serves as a stark reminder that the battle for civic space is increasingly being fought in cyberspace as much as on the ground.