Cyber Incident Victim: Voipfone
Date:
Oct 2021
Location:
United Kingdom
Summary
A UK-based VoIP provider experienced a major service disruption due to repeated extortion-driven DDoS attacks by overseas criminals, causing extended voice service outages across multiple days. The attacks overwhelmed its systems, forcing temporary platform failures and prolonged recovery efforts, severely impacting business operations reliant on its services. Customers reported communication gaps and inability to implement failover solutions during downtime. The incident formed part of a coordinated international extortion campaign targeting multiple telecommunications providers, with industry groups collaborating with law enforcement and government agencies to mitigate threats to critical infrastructure. Previous similar attacks had intermittently disrupted services weeks earlier.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Voipfone, a UK-based internet telephone service provider, experienced a series of disruptive DDoS attacks beginning on 22 October 2021. The initial attack commenced at 16:15 BST, causing a near four-hour outage across all voice services. The company acknowledged this as an "extortion-based DDoS attack from overseas criminals" and advised customers to configure phone failovers to PSTN or mobile networks. Services were restored by 20:12 BST that evening. Attackers resumed their campaign on Monday, 25 October, triggering another major outage that persisted through the publication date of the incident report. During this second attack, Voipfone's website became intermittently inaccessible or slow to load, while its status page displayed ongoing disruptions to voice calling services. Customers reported being unable to establish failover connections due to inoperative support lines, which only played recorded messages. One business customer noted this marked the second prolonged outage exceeding 24 hours in recent weeks, severely impacting operations and eroding confidence in VoIP reliability.
This incident followed earlier DDoS disruptions against Voipfone between 31 August and 3 September 2021, which caused intermittent service degradation. The attacks occurred amid a broader campaign targeting UK VoIP providers, including VoIP Unlimited, which faced a REvil-linked ransom demand in September 2021. Comms Council UK Chair Eli Katz characterized the events as part of a coordinated extortion effort by professional cybercriminals against critical infrastructure providers. The council collaborated with law enforcement, the National Cyber Security Centre, Ofcom, and international agencies to share attack details, emphasizing the threat to public services like NHS and police communications that rely on affected providers. Voipfone engineers continued mitigation efforts during the October attacks, though operational restoration timelines remained unclear to customers at the time of reporting.