Cyber Incident Victim: Chinese Telecom Firm

Date: Apr 2017

Location: China

Summary

A Chinese telecom firm experienced a record-breaking distributed denial-of-service (DDoS) attack lasting 277 hours, marking the longest such incident observed. The attack reflected broader trends where cybercriminals increasingly employed extended disruptions and demonstrative attacks to extort ransoms, typically demanding payments in bitcoin. Researchers noted a significant rise in these incidents, attributing them to both professional groups and inexperienced actors seeking financial gain through intimidation. The company faced operational disruption and potential reputational risks, as victims paying ransoms often became targets for additional attacks by other threat actors. No definitive motive was established for the unprecedented attack duration.

Description

In the second quarter of 2017, a Chinese telecommunications firm experienced a prolonged distributed denial-of-service (DDoS) attack lasting 277 hours (approximately 11 days), marking the longest recorded DDoS incident of that year according to Kaspersky Lab’s 2017 DDoS Intelligence Report. The attack represented a 131% increase in duration compared to DDoS incidents observed in the preceding quarter, signaling a shift toward extended attack campaigns. Kaspersky researchers documented the event as part of a broader trend of escalating DDoS activity targeting multiple countries, including China, the United Kingdom, Italy, Hong Kong, the United States, South Korea, and Russia. While the specific operational impact on the telecom firm’s services was not disclosed, the attack’s unprecedented length highlighted evolving attacker capabilities. Kaspersky’s malware and anti-botnet analyst Oleg Kupreev noted no single definitive explanation for the extended duration, acknowledging that threat actors occasionally experiment with attack lengths for unconfirmed reasons.

Concurrently, Kaspersky observed a rise in DDoS-related extortion schemes during the same quarter, though no direct link to the telecom attack was established. In these unrelated cases, attackers demanded ransoms of 5 to 200 Bitcoin, sometimes preceding demands with short demonstrative attacks to coerce payments. Researchers noted that inexperienced actors increasingly executed such schemes, targeting organizations perceived as having limited security resources but sufficient funds to pay ransoms. The telecom incident exemplified the growing scale of DDoS threats, with attackers leveraging readily available tools to sustain prolonged disruptions. No specific mitigation measures or response actions taken by the telecom firm were detailed in the report, leaving the operational and financial consequences of the 11-day attack undocumented in the available source material.
