Indonesia experienced a dramatic surge in cyberattacks throughout 2025, culminating in its designation as the world’s largest source of spam and malware by AwanPintar.id, a national cyber threat intelligence platform. The findings, detailed in the report “Indonesia Waspada: Ancaman Digital di Indonesia Semester 2 Tahun 2025” released February 11, 2026, reveal a rapidly escalating digital threat landscape.
The report documented a total of 234,528,187 cyberattacks in the second half of 2025, averaging approximately 15 attacks per second. This represents a 75.76 percent increase compared to the first six months of the year. December 2025 alone saw over 90 million incidents, attributed to a spike in Distributed Denial of Service (DDoS) attacks and increased digital transactions during the holiday season.
“Cyberattack actors within the country are no longer operating individually, but are beginning to demonstrate a pattern of organized cooperation to target public services and economic platforms,” stated Yudhi Kukuh, Founder of AwanPintar.id.
Indonesia’s contribution to global spam distribution rose sharply to 56.29 percent in the second half of 2025, a significant increase from 21.45 percent in the first half. The country also accounted for 61.32 percent of malware originating from identified sources. AwanPintar.id’s data suggests a widespread compromise of servers, personal computers, and Internet of Things (IoT) devices within Indonesia, which are then exploited to launch attacks.
The report also highlighted a 57.74 percent increase in attempts to gain administrator privileges on Windows systems. Exploitation of vulnerabilities in network infrastructure and Virtual Private Networks (VPNs) also saw a substantial rise. Attackers are increasingly targeting network protocols and critical infrastructure, including systems used by small businesses and individual consumers.
Specifically, exploitation of CVE-2020-11900, a vulnerability in the Treck TCP/IP stack, surged from 1.39 percent to 22.97 percent. Exploitation of CVE-2018-13379, targeting Fortinet VPN infrastructure, reached 20.12 percent. Attacks also targeted vulnerabilities associated with React Server Components in modern web development.
AwanPintar.id observed a growing trend of attackers rapidly exploiting newly disclosed vulnerabilities, including Common Vulnerabilities and Exposures (CVEs) released in 2025 and exploited within the same month, particularly on IoT devices and communication systems. In the first half of 2025, AwanPintar.id recorded 133,439,209 cyberattacks, or an average of 9 attacks per second, a decrease of 94.66 percent from the 2,499,486,085 attacks recorded in the first half of 2024.
In response to these findings, AwanPintar.id recommends that companies immediately update the firmware of network devices, conduct VPN access audits, and prioritize security updates for publicly accessible services. Kukuh emphasized that national cybersecurity resilience is at a critical juncture, stating that passive defense is no longer sufficient to address the evolving complexity of threats. The platform urges industry and businesses to adopt a more proactive digital security culture, including rigorous vulnerability management.