Cyber Incident Victim: FDN
Date: Aug 2020
Location: United States of America
Summary
Multiple European ISPs experienced distributed denial-of-service attacks targeting DNS infrastructure, causing temporary service disruptions. The attacks, which used DNS amplification and LDAP reflection vectors and peaked at 300 Gbit/s, affected providers in Belgium, France, and the Netherlands; mitigations resolved each incident within a day. Dutch authorities confirmed that extortion demands in Bitcoin accompanied some of the attacks, though attribution remained unverified. A separate but related network outage was caused by a misconfigured Flowspec rule applied during DDoS mitigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between late August and early September 2020, multiple internet service providers across Belgium, France, and the Netherlands experienced distributed denial-of-service (DDoS) attacks targeting their Domain Name System (DNS) infrastructure. The attacks began around August 28 and persisted for approximately one week, affecting ISPs including EDP in Belgium, Bouygues Télécom and K-net in France, and Caiway and Delta in the Netherlands. Each attack lasted no longer than 24 hours before being mitigated, though service disruptions occurred while attacks were active. The Dutch non-profit NBIP, representing national ISPs, identified the attack vectors as DNS amplification and LDAP reflection, with peak traffic volumes reaching 300 gigabits per second. These attacks coincided with separate reports of DDoS extortion campaigns targeting financial institutions, though at the time of initial reporting investigators found no conclusive evidence linking the two.

On September 4, 2020, the Dutch National Cyber Security Centre (NCSC) confirmed that some attacks against Dutch ISPs included extortion demands for Bitcoin payments, though attribution remained unverified. The attacks specifically disrupted DNS resolution services, causing intermittent connectivity problems for customers of affected providers during attack windows. Around the same time, a separate CenturyLink network outage was traced to a misconfigured Flowspec rule deployed while mitigating an unrelated DDoS incident, showing that mitigation measures themselves can become a source of outages. While service providers mitigated all attacks within a day of onset, the coordinated timing across multiple countries and the volume of traffic generated indicated a sophisticated operational capability. No permanent data loss or system compromise was reported beyond the temporary service degradation during attack periods.
