Cyber Incident Victim: FreedomNet
Date: Aug 2020
Location: Netherlands
Summary
A wave of DDoS attacks targeted multiple European ISPs across Belgium, France, and the Netherlands, disrupting services through DNS amplification and LDAP-type attacks peaking at 300 Gbit/s. The incidents impacted DNS infrastructure, causing temporary operational interruptions that were mitigated within a day, while Dutch authorities later confirmed associated Bitcoin extortion demands. Separately, a misconfigured Flowspec rule during a DDoS mitigation effort triggered an unrelated outage at another provider.
Description
Between late August and early September 2020, multiple internet service providers across Western Europe experienced distributed denial-of-service (DDoS) attacks targeting critical DNS infrastructure. The incident impacted ISPs in Belgium, France, and the Netherlands, including EDP in Belgium, Bouygues Télécom and K-net in France, and Caiway and Delta in the Netherlands. Attacks commenced around August 28 and recurred over the following week, with each assault lasting no more than 24 hours before mitigation. Technical analysis by NBIP, a Dutch ISP association, identified DNS amplification and LDAP reflection techniques generating traffic volumes up to 300 gigabits per second. These attacks coincided with separate DDoS extortion campaigns against financial institutions reported by ZDNet, though investigators found no confirmed operational connection between the two threat activities.

The sustained bombardment disrupted normal service operations for affected providers, causing temporary outages and degraded performance for customers during attack windows. All targeted organizations successfully mitigated the assaults within a day of onset through unspecified defensive measures. On September 4, the Dutch National Cyber Security Centre (NCSC) confirmed that Bitcoin extortion demands accompanied some attacks against Dutch infrastructure, though attribution remained unverified. A related but distinct incident involved CenturyLink, where a misconfigured Flowspec rule intended to mitigate DDoS traffic inadvertently caused network-wide outages, demonstrating collateral impacts from large-scale attack responses. No permanent data loss or system compromises were reported by the European ISPs, though service reliability suffered during peak attack periods.
