Cyber Incident Victim: Digi

Date: Nov 2018

Location: Cambodia

Summary

Multiple Cambodian internet service providers, including Digi, experienced severe distributed denial-of-service attacks causing widespread connectivity disruptions. The attacks peaked at nearly 150Gbps, resulting in extended downtime lasting up to half a day and persistent slow internet speeds across affected networks throughout the incident period. While the scale was unprecedented in the country's history, no clear motive emerged—with no associated political unrest or ransom demands observed. Some speculation pointed to potential inter-ISP sabotage, though this remained unconfirmed. The victim providers publicly acknowledged the technical issues, with one mitigation-focused firm facing criticism for requiring external assistance to resolve the attacks.

Description

In early November 2018, multiple Cambodian internet service providers experienced significant distributed denial-of-service (DDoS) attacks that disrupted connectivity nationwide. Between November 5 and 6, users of EZECOM, SINET, Telcotech, and Digi reported persistent difficulties accessing online services, with peak disruptions occurring on Monday, November 5. The attacks reached approximately 150 gigabits per second that Monday, forcing some providers into downtime periods lasting up to twelve hours. Internet speeds remained degraded throughout the week due to subsequent smaller-scale attacks targeting the same ISPs. Local media described these coordinated assaults as among the largest ever recorded in Cambodia's history, with connectivity charts showing measurable dips in traffic volume and latency spikes across affected networks. The attacks impacted both residential and commercial users, though specific customer sectors or geographic regions weren't detailed in available reports.

Affected providers implemented varying response measures during and after the attacks. SINET issued a formal press release acknowledging technical difficulties and apologizing for service interruptions, though without disclosing mitigation specifics. EZECOM, despite offering DDoS mitigation services commercially, required external assistance to contain the attacks—a fact that drew public criticism regarding their preparedness. No ransom demands or political motives were publicly linked to the incidents, with investigators considering but not confirming theories about inter-ISP sabotage as a potential catalyst. Telcotech and Digi didn't release formal statements, though their networks experienced comparable disruptions. Internet traffic monitoring graphs provided visible evidence of the attacks' scale, showing abnormal connectivity patterns consistent with volumetric DDoS bombardment. The incidents occurred without concurrent reports of political unrest or collateral damage to other critical infrastructure sectors.
