Cloudflare reports a dramatic surge in cyberattacks targeting journalists and independent media organizations over the past year. Between May 2024 and April 2025, Cloudflare blocked nearly 109 billion malicious requests aimed at organizations protected under its Project Galileo, with attacks against journalists and news organizations accounting for 97 billion of those requests—an average of 290 million per day. This marks a 241% increase in attack volume compared to the previous year.
Types and Tactics of Attacks
The majority of these attacks were application-layer (Layer 7) distributed denial-of-service (DDoS) attacks, which attempt to overwhelm web servers and take critical sites offline. Other threats included web application firewall (WAF)-blocked exploits such as SQL injection and cross-site scripting (XSS), which typically target input fields like donation forms and comment boxes. Cloudflare observed that most of the malicious traffic to journalist sites was human-generated, not automated by bots.
Notable Incidents
• The Belarusian Investigative Center, an independent journalism outlet, was hit by a massive DDoS attack delivering 28 billion requests in a single day.
• Tech4Peace, a digital rights group, endured a 12-day campaign totaling over 2.7 billion requests, characterized by a mix of prolonged, low-intensity traffic and short, high-burst assaults—demonstrating attackers’ evolving and coordinated tactics.
• Journalists and media in regions under government pressure, especially in Russia and Belarus, were among the most frequently targeted, alongside NGOs focused on human rights, anti-racism, and workers’ rights.
Motivations and Context
Cloudflare links the spike in attacks to an increasingly hostile global climate for independent journalism and civil society, particularly in countries with authoritarian governance or during periods of political unrest. The company notes that many targeted organizations lack the resources for robust cybersecurity, making them especially vulnerable.
