Cyber Incident Victim: Tor Network
Date: Jul 2022
Location: United States of America
Summary
The Tor network experienced prolonged distributed denial-of-service (DDoS) attacks beginning in mid-2022, causing intermittent connectivity disruptions and degraded performance that occasionally prevented users from accessing onion services or loading pages. Attack methods evolved over time, prompting ongoing defensive adjustments by network operators who limited public details to safeguard mitigation efforts. Simultaneously, the I2P network faced similar DDoS assaults, resulting in router crashes—particularly affecting i2pd nodes with memory failures—and degraded network functionality due to malicious floodfill routers propagating false information. Both anonymous communication platforms implemented adaptive countermeasures, with I2P developers preparing router updates to address vulnerabilities exploited by the attacks.
Description
The Tor network experienced ongoing distributed denial-of-service (DDoS) attacks beginning in July 2022, as confirmed by Tor Project Executive Director Isabela Dias Fernandes in February 2023. These attacks intermittently degraded network performance through early 2023, causing connectivity issues where users could not reliably access onion services or load web pages. Attack methodologies evolved over time, targeting unspecified network components and requiring continuous defensive adjustments from Tor engineers. The Tor Project implemented mitigation measures to maintain network functionality while deliberately limiting public disclosure of technical attack details to avoid aiding adversaries. Despite performance fluctuations attributed to circuit selection and onion service variability, core services remained operational. The organization expanded its technical team with two new developers focused specifically on onion service resilience during this period.

Parallel DDoS attacks simultaneously targeted the I2P anonymity network for at least three days preceding February 7, 2023, employing malicious floodfill routers to disrupt peer coordination. This Sybil attack strategy involved propagating false network information through compromised nodes, causing memory exhaustion crashes in i2pd routers while Java-based routers demonstrated greater resilience. I2P developers confirmed the attacks involved dynamic tactics with multiple daily variations in intensity and approach. Network performance degradation occurred but did not cause complete outages, maintaining baseline functionality for users. Mitigation development prioritized router software updates, with planned fixes scheduled for upcoming Java and C++ development builds. Both anonymity networks sustained operational continuity through adaptive defenses while experiencing intermittent service quality reductions directly attributable to the persistent attack campaigns.
