Cyber Incident Victim: Voipfone
Date:
Aug 2021
Location:
United Kingdom
Summary
A UK VoIP provider, Voipfone, suffered service disruptions due to aggressive and ongoing DDoS attacks linked to the REvil cybercriminal group, which also targeted another domestic operator with a substantial ransom demand. The attacks flooded networks with traffic from compromised devices, causing intermittent outages affecting voice calls, SMS, and inbound/outbound services, leading to customer frustration post-holiday. While partial restoration occurred, services remained unstable as attacks persisted, prompting industry coordination through the UK Comms Council for mitigation strategies and law enforcement involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 31, 2021, at approximately 2:00 PM, Voip Unlimited, a UK-based VoIP provider, experienced a large-scale distributed denial-of-service (DDoS) attack accompanied by a substantial ransom demand. The attack caused intermittent or complete loss of internet connectivity services for some customers, though broadband and Ethernet services remained largely operational. Simultaneously, London-based Voipfone suffered service disruptions affecting voice calls, SMS messaging, and inbound/outbound communications starting during the August Bank Holiday weekend (August 28-30). Voipfone confirmed on August 31 that it had endured additional attacks following the initial disruption, characterizing the incidents as traffic floods originating from tens of thousands of compromised devices. Both companies reported ongoing attacks through September 1, with Voip Unlimited confirming services remained operational but under continued assault, while Voipfone worked to restore broadband services by late afternoon on August 31 amid warnings of potential renewed attacks.
The UK Comms Council notified its members about coordinated DDoS attacks targeting multiple UK internet telephony providers, identifying the Russian cybercrime group REvil as the suspected perpetrators based on shared intelligence. Voip Unlimited's managing director publicly acknowledged the attack's severity, accepted responsibility for service availability, and apologized for customer disruptions while confirming industry-wide targeting of SIP providers. Voipfone sources informally indicated they believed they were experiencing the same attack campaign as Voip Unlimited but provided no official attribution. Customer frustration escalated due to post-holiday service interruptions affecting business communications. Law enforcement agencies were engaged to investigate the incidents, though the full scope of impacted providers remained unclear. Both organizations implemented mitigation measures, with Voipfone partially restoring services while maintaining public status updates, and industry coordination continued through the Comms Council to share threat information and defensive strategies.