Cyber Incident Victim: NTT Docomo
Date: Jan 2025
Location: Japan
Summary
NTT Docomo experienced service disruptions affecting multiple platforms, including goo services, OCN, d Menu News, Lemino search, d Pay shopping, and GOLF me, due to a DDoS attack that caused network congestion. The incident rendered several services temporarily inaccessible; most functionality was restored later the same day, though some content updates remained delayed. The company confirmed the cyberattack as the cause but did not attribute it to any specific threat actor, and it distinguished this incident from an unrelated temporary dPayment outage that occurred the same day. This follows prior cybersecurity incidents involving the telecommunications provider, reflecting broader targeting of Japanese organizations by disruptive network attacks.
Description
On January 2, 2025, NTT Docomo—Japan’s largest mobile carrier—experienced a widespread service disruption beginning at approximately 5:27 a.m. local time. The incident impacted multiple digital services, including general access to goo platforms, the OCN top page, d Menu News, Lemino’s search functionality, d Pay’s shopping search feature, and the GOLF me website. Initial user reports indicated difficulties accessing these services, with the company confirming network congestion caused by a distributed denial-of-service (DDoS) attack that flooded its infrastructure with malicious traffic. A separate, unrelated disruption affected the dPayment service between 10:50 a.m. and 11:08 a.m., though NTT Docomo explicitly stated this shorter outage was not linked to the DDoS incident. By 4:10 p.m., the carrier had resolved the primary accessibility issues stemming from the attack, restoring core functionality across most platforms. However, recovery measures implemented to mitigate the DDoS caused delays in content updates for some services, with the company advising users to monitor individual service sites for real-time information refreshes. The attack marked the second major cybersecurity incident for NTT Docomo in recent years, following a 2023 ransomware attack claimed by the Ransomed.vc group.

The company’s public notifications confirmed the operational restoration of affected systems but did not identify the threat actors responsible for the DDoS attack or disclose technical specifics about the attack vectors. Service interruptions persisted for nearly 11 hours, affecting news distribution, video streaming, mobile payments, and specialized consumer portals during peak usage periods. NTT Docomo’s incident response focused on traffic filtering and network stabilization to restore access, though residual delays in content propagation indicated lingering systemic impacts. No customer data breaches or financial compromises were reported in connection with the attack. The incident underscored the operational vulnerabilities of critical telecommunications infrastructure to volumetric attacks, occurring amid a broader trend of cyber targeting against Japanese corporations across sectors including aviation, insurance, and finance. Historical context from the 2023 ransomware incident highlighted NTT Docomo’s recurring challenges in defending against evolving cyber threats despite its market dominance as Japan’s primary mobile service provider.
