Cyber Incident Victim: EZECOM
Date: Nov 2018
Location: Cambodia
Summary
Multiple Cambodian internet service providers, including EZECOM, experienced significant disruptions due to large-scale distributed denial-of-service attacks, among the most substantial recorded in the country. The attacks peaked at nearly 150 Gbps, causing prolonged downtime and persistent connectivity degradation across affected networks, with some outages lasting up to half a day and slow speeds continuing throughout the week. While EZECOM—a provider of DDoS mitigation services—acknowledged the incidents, it faced criticism for requiring external assistance to address the attacks. No clear motive emerged, as there were no associated ransom demands or concurrent political events, though unverified speculation suggested possible inter-provider sabotage.
Description
In early November 2018, multiple Cambodian internet service providers, including EZECOM, SINET, Telcotech, and Digi, experienced severe distributed denial-of-service (DDoS) attacks. The attacks began around November 3 and intensified on November 5-6 (Monday and Tuesday), disrupting connectivity nationwide. These incidents represented some of the largest DDoS attacks ever recorded in Cambodia’s history, with peak traffic volumes reaching approximately 150 gigabits per second. The sustained attacks caused major service interruptions, including complete downtime lasting up to 12 hours for some providers. Users across all affected ISPs reported prolonged difficulties accessing online services throughout the week, with residual connectivity issues persisting due to follow-up attacks of smaller magnitude. Internet performance metrics showed significant latency spikes and connectivity drops during this period, corroborating user reports of sluggish speeds and intermittent access.

The ISPs implemented varying response measures, with SINET issuing a formal public apology acknowledging technical disruptions. EZECOM, despite marketing itself as a DDoS mitigation service provider, faced customer criticism for requiring third-party assistance to address the attacks. No threat actor claimed responsibility, and investigators found no evidence linking the incidents to geopolitical events, civil unrest, or financial extortion attempts. The attacks’ technical characteristics drew comparisons to prior large-scale DDoS events, including the 2016 bombardment of Liberian ISPs by a botnet controlled by a UK-based teenager. Forensic analysis of traffic patterns suggested similarities with IoT botnet-driven attacks, though Cambodian authorities did not publicly confirm the attack vectors or perpetrator identities. Service restoration efforts continued throughout the week, with providers gradually stabilizing networks amid ongoing but diminishing attack volumes.
