Cyber Incident Victim: Bouygues Telecom
Date: Aug 2020
Location: France
Summary
A wave of DDoS attacks targeted multiple European ISPs, including Bouygues Télécom, disrupting services through DNS amplification and LDAP-type assaults with peak intensities reaching 300 Gbit/s. The incidents impacted providers in Belgium, France, and the Netherlands, causing temporary operational interruptions mitigated within a day; Dutch authorities later confirmed associated Bitcoin extortion demands. Separately, a misconfigured Flowspec rule during another DDoS incident triggered a CenturyLink network outage.
Description
In late August 2020, Bouygues Télécom and multiple other European internet service providers experienced distributed denial-of-service (DDoS) attacks targeting critical DNS infrastructure. The attacks affected ISPs across Belgium, France, and the Netherlands between late August and early September, with Bouygues Télécom, French provider K-net, Belgian operator EDP, and Dutch companies Caiway and Delta among the confirmed targets. Attackers employed DNS amplification and LDAP-based attack vectors, generating traffic floods that peaked at approximately 300 gigabits per second. These sustained volumetric attacks disrupted normal service operations for affected providers during active attack windows, though individual incidents typically subsided within 24 hours. The coordinated timing across multiple countries suggested a broader campaign, though no explicit connection between attacks on different providers was formally established. Service degradation occurred during attack periods despite mitigation efforts, impacting customer access to internet services dependent on DNS resolution.

Network operators implemented standard DDoS mitigation protocols to contain the attacks, successfully restoring services within a day of each incident's onset. The Dutch nonprofit NBIP confirmed the technical characteristics of the attacks after analyzing traffic patterns from affected members. On September 4, 2020, the Dutch National Cyber Security Centre (NCSC) disclosed that some attackers had coupled DDoS operations with Bitcoin extortion demands, though this financial motivation wasn't explicitly linked to Bouygues Télécom's incident in available reports. No attribution to specific threat actors was confirmed by cybersecurity authorities during initial investigations. The incidents occurred concurrently with unrelated DDoS extortion campaigns targeting financial institutions reported by ZDNet, though no operational or tactical connections between these events were verified. All affected ISPs maintained service continuity through mitigation measures despite temporary disruptions during attack peaks.
