Cyber Incident Victim: SINET

Date: Aug 2020

Summary

A wave of DDoS attacks targeted multiple European ISPs across Belgium, France, and the Netherlands, disrupting services through DNS amplification and LDAP-type attacks that peaked at 300 Gbit/s. The incidents impacted DNS infrastructure of providers including EDP, Bouygues Télécom, K-net, Caiway, and Delta, with each attack lasting under a day before mitigation. Extortion demands in Bitcoin were later confirmed by Dutch authorities, though no direct connection to simultaneous financial-sector DDoS extortion campaigns was established. A separate CenturyLink outage occurred due to a misconfigured Flowspec rule during mitigation efforts against these attacks.

Description

In late August 2020, multiple internet service providers across Belgium, France, and the Netherlands experienced distributed denial-of-service (DDoS) attacks targeting their Domain Name System (DNS) infrastructure. The attacks occurred over approximately one week, with confirmed incidents affecting EDP in Belgium, Bouygues Télécom and K-net in France, and Caiway and Delta in the Netherlands. Each attack lasted no longer than 24 hours before being mitigated, though service disruptions occurred during active attack periods. The Dutch non-profit NBIP, representing internet providers, analyzed the attacks as combining DNS amplification and Lightweight Directory Access Protocol (LDAP) attack vectors, with some attacks reaching bandwidths of 300 gigabits per second. This attack wave coincided with separate reports of DDoS extortion campaigns against financial institutions, though investigators found no confirmed operational connection between these events at the time.

On September 4, 2020, the Dutch National Cyber Security Centre (NCSC) confirmed that some affected ISPs had received extortion demands payable in Bitcoin, though no attribution to specific threat actors was established. The attacks exclusively targeted DNS infrastructure, causing temporary interruptions in internet connectivity for customers of the targeted providers. Mitigation efforts successfully contained each incident within a day, restoring normal operations. Separately, telecommunications company CenturyLink experienced an unrelated outage during this period, which investigators linked to a misconfigured Flowspec rule implemented during their own DDoS mitigation efforts. No collateral damage from the SINET-related attacks was reported beyond the temporary service disruptions at the targeted ISPs.
