A major wave of cyberattacks on Tempo has disrupted access to one of Indonesia’s leading news websites, with the media outlet reporting millions of malicious requests directed at its servers over several days. The Tempo cyberattack, which began on Friday, June 5, 2026, involved a distributed denial-of-service (DDoS) assault designed to overwhelm the company’s infrastructure and hinder public access to its journalism.
According to Tempo’s technology team, the attacks generated an extraordinary volume of fake internet traffic, placing significant pressure on the organization’s servers and temporarily affecting the availability of the website for readers in Indonesia and elsewhere.
24.9 Million Requests Recorded During Cyberattacks on Tempo
Tempo Digital Chief Technology Officer Heru Tjatur Tjahja said the cyberattacks on Tempo had reached an unprecedented scale. By Monday, June 8, 2026, the company’s monitoring systems had logged a total of 24.9 million requests aimed at its servers.
“The total attacks flooding our website as of June 8 reached 24.9 million requests,” Tjahja said on Monday, June 8, 2026.
The Tempo cyberattack relied on bot-generated traffic, a common tactic used in DDoS incidents. Such attacks typically involve networks of compromised devices sending enormous numbers of requests simultaneously, overwhelming targeted systems and making websites difficult or impossible to access.
Tjahja explained that preliminary findings indicated the attacks occurred intermittently but intensified dramatically during certain periods.
Largest Wave Hit During Evening Hours
The investigation into the cyberattacks on Tempo revealed a pattern in the timing of the attacks. According to Tjahja, the attackers frequently launched their operations during evening and early morning hours, when activity surged sharply.
One of the most significant attack waves occurred between 8:30 p.m. and midnight. During that period alone, Tempo recorded 12.97 million attack requests within a span of just two hours.
“For example, the first major wave consisted of 12.97 million attacks in only two hours. From 8:30 p.m. until midnight, the attackers carried out a digital assault,” he said.
The intensity of the attack highlighted the scale of resources being used against the Indonesian media organization.
Attack Traffic Traced Beyond Indonesia
Early analysis conducted by Tempo’s technology team suggested that the sources of the malicious traffic extended well beyond Indonesia’s borders.
While the exact identities of those responsible remain unclear, investigators traced attack activity to multiple countries. According to Tempo, traffic associated with the cyberattacks on Tempo originated from Colombia, the United States, the Philippines, Bangladesh, Mexico, and Indonesia.
The international nature of the attack traffic reflects the complexity of modern DDoS operations, which often use distributed networks of compromised devices globally to conceal the origin of an attack.
Possible Link to Earlier CMS Breach Attempt
Tjahja believes the Tempo cyberattack may be connected to an earlier security incident that targeted the organization’s content management system (CMS) at the end of May 2026.
During that earlier intrusion attempt, attackers managed to unpublish several articles that had already been published on the website. According to Tjahja, the content affected by the breach involved corruption-related reporting.
However, the CMS architecture limited the level of access available to unauthorized users. As a result, the attackers were unable to permanently remove the articles and could only temporarily unpublish them.
According to Tjahja, the sequence of events suggests a possible connection between the two incidents.
“It appears that those behind the attacks were unhappy and then proceeded with the DDoS attack,” he said.
