Cyber Incident Victim: Telnyx
Date: Nov 2021
Location: United States of America
Summary
Telnyx, a global VoIP provider, suffered widespread telephony service disruptions due to distributed denial-of-service (DDoS) attacks, resulting in failures and delays across its network. The company mitigated the attacks by migrating services to Cloudflare's Magic Transit for DDoS protection, initially moving the EMEA and APAC regions, with plans to transition the Americas during off-peak hours. This incident follows similar attacks on other VoIP providers, underscoring the sector's vulnerability to such disruptions targeting publicly accessible infrastructure.
Description
On November 9, 2021, at approximately 11 PM EST, Telnyx experienced a distributed denial-of-service (DDoS) attack targeting its global Voice over Internet Protocol (VoIP) infrastructure. The attack caused widespread service disruptions affecting all telephony services across the company's operational regions, including the Americas, EMEA, APAC, and Australia. Customers reported complete failures or significant delays in service delivery as the attack overwhelmed Telnyx's systems. The disruptions persisted continuously from the initial attack onset, marking one of the most severe outages in the company's recent history. Telnyx's status updates confirmed the attack's persistence throughout November 10, with no immediate restoration of full functionality during the initial hours. The company's public communications emphasized the targeted nature of the assault on their core VoIP infrastructure, which routes calls and data over public internet connections.

In response to the ongoing attack, Telnyx initiated a migration of its network infrastructure to Cloudflare's Magic Transit DDoS protection service. This solution operates by funneling all inbound and outbound IP traffic through Cloudflare's scrubbing centers, which filter malicious packets before forwarding legitimate traffic to the origin servers. By November 10, Telnyx had successfully migrated its EMEA and APAC services behind Cloudflare's infrastructure, stabilizing connectivity for those regions. Plans were announced to migrate Americas-region services during off-peak hours to minimize additional customer impact. The incident followed a pattern of similar DDoS extortion campaigns against VoIP providers, including September 2021 attacks on VoIP.ms and Bandwidth that caused multi-day outages. While those earlier incidents involved explicit ransom demands—including one case where attackers impersonated the REvil ransomware group and demanded 100 bitcoins—Telnyx did not publicly disclose any extortion attempts related to their attack. The company's reliance on Cloudflare's mitigation technology mirrored Bandwidth's prior approach of deploying technical countermeasures rather than negotiating with attackers. VoIP infrastructure remains particularly vulnerable to such attacks due to its dependence on publicly accessible servers and endpoints required for global connectivity.
