Cyber Incident Victim: SINET
Date: Nov 2018
Location: Cambodia
Summary
Several major Cambodian internet service providers, including SINET, experienced significant distributed denial-of-service attacks characterized by unprecedented scale within the country, with peak traffic reaching nearly 150Gbps. The attacks caused widespread connectivity disruptions including extended service outages lasting up to twelve hours and persistent network performance degradation across multiple providers over several days. While mitigation efforts were implemented, some providers required external assistance to restore operations. The incident's motivation remained unidentified, with no attributable threat actors, political context, or financial demands publicly disclosed. Technical impacts were corroborated through internet traffic monitoring showing substantial latency spikes and connectivity drops during the attack period.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |

Description
In early November 2018, multiple Cambodian internet service providers, including SINET, EZECOM, Telcotech, and Digi, experienced severe distributed denial-of-service (DDoS) attacks. The attacks began around November 3-5, with peak intensity occurring on November 5-6 (Monday and Tuesday), causing widespread service disruptions. Users across these ISPs reported persistent difficulties accessing online services throughout the week, with the most significant outages lasting up to twelve hours during the initial attack waves. Network monitoring data revealed volumetric attacks reaching approximately 150Gbps in total bandwidth, overwhelming infrastructure and creating what local media described as some of the largest DDoS incidents in Cambodia's history. The sustained assault caused measurable connectivity declines visible in internet traffic charts, characterized by latency spikes and packet loss. While the primary attacks subsided after two days, residual malicious activity continued to degrade network performance through the remainder of the week, resulting in intermittent slowdowns for customers.

Affected ISPs implemented varying response measures, with SINET issuing a formal press release acknowledging "technical issues" and apologizing for service interruptions. EZECOM, despite offering commercial DDoS mitigation services, required third-party assistance to contain the attacks—a response that drew public criticism regarding preparedness. No threat actor claimed responsibility, and investigators found no evidence linking the incidents to concurrent political events or financial extortion attempts. The attacks exclusively targeted ISP infrastructure rather than specific customer networks or applications, causing collateral damage to all downstream users. Technical telemetry from network operators confirmed the attacks originated from external sources, though attribution specifics remained unidentified. The disruptions impacted business operations, government services, and general internet accessibility nationwide until full mitigation was achieved by week's end.
