Cyber Incident Victim: SFR
Date: Aug 2020
Location: Netherlands
Summary
Multiple European ISPs in Belgium, France and the Netherlands experienced distributed denial-of-service attacks against their DNS infrastructure, causing temporary service disruptions for customers. The attacks combined DNS amplification and LDAP reflection vectors, peaked at roughly 300 Gbit/s, and were each mitigated within a day. They coincided with DDoS extortion campaigns against financial institutions, and the Dutch NCSC later confirmed that some DDoS incidents carried Bitcoin ransom demands, but no direct link between the extortion campaign and the ISP attacks was confirmed. A separate outage at another provider during the same period was caused by a misconfigured DDoS mitigation rule rather than by an attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late August 2020, multiple internet service providers across Belgium, France, and the Netherlands experienced distributed denial-of-service (DDoS) attacks targeting their DNS infrastructure. The incidents affected EDPnet in Belgium, Bouygues Télécom and K-net in France, and Caiway and Delta in the Netherlands, among other providers. Individual attacks typically lasted under 24 hours but caused temporary service disruptions for customers while they were active. The Dutch Association of Internet Providers (NBIP) identified the attacks as combining DNS amplification and LDAP-based reflection vectors, with peak traffic volumes reaching 300 gigabits per second. ISPs mitigated the attacks with standard defensive measures, though the disruptions showed how quickly customer connectivity is lost once an ISP's recursive resolvers are saturated. The timing coincided with separate reports of DDoS extortion campaigns against financial institutions, though no direct connection between the two was established at the time of initial reporting.

On September 4, 2020, the Dutch National Cyber Security Centre (NCSC) confirmed that some DDoS incidents involved extortion demands requesting Bitcoin payments, though attribution remained unverified. Separately, a misconfigured BGP Flowspec rule deployed during a DDoS mitigation effort caused an unrelated outage at CenturyLink, illustrating a secondary operational risk of attack response: a mitigation that matches more than the attack traffic becomes an outage of its own. No specific threat actor group or motive was conclusively linked to the ISP attacks beyond the general extortion pattern observed in some cases. Service providers restored normal operations through traffic filtering and infrastructure hardening and reported no permanent damage or data breaches. The coordinated timing across multiple countries suggested a targeted campaign against telecommunications infrastructure, though the technical evidence tying all the incidents together remained circumstantial.
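The two preceding paragraphs name the vectors (DNS and LDAP reflection toward ISP resolvers) and the failure mode of the response (an over-broad Flowspec rule). The following Python is an added example, not material from the incident record or from any of the providers named: it classifies reflection traffic in flow records, aggregates it per vector, and renders a Flowspec rule that is deliberately scoped to one victim prefix and one UDP reflector port. The resolver prefix 203.0.113.0/24, the reflector addresses, the sample flow records, the 512-byte threshold and the ExaBGP-style rule syntax are all assumptions made for illustration.

```python
"""Added example (not from the incident record): classify reflection traffic in
flow records and derive a scoped Flowspec mitigation from the result.
All addresses, records, thresholds and rule syntax here are constructed."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Source ports that mark the two reflection vectors named in the NBIP analysis:
# DNS on UDP/53 and (C)LDAP on UDP/389.  Assumption: attack traffic shows up in
# NetFlow/IPFIX records as *responses* from these ports toward the victim.
VECTOR_BY_SRC_PORT = {53: "dns", 389: "ldap"}
RESOLVER_PREFIX = ipaddress.ip_network("203.0.113.0/24")  # constructed victim prefix
MIN_AMPLIFIED_BYTES = 512  # a plain DNS answer fits in 512 B; amplified ones do not


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int
    bytes: int
    packets: int


def classify(flow: Flow):
    """Return "dns", "ldap" or None for one flow record.
    A reflected response arrives over UDP *from* the service port, with large
    packets, toward the resolver prefix.  Customer queries travel the other way
    (dport 53) and ordinary answers are small, so both fall through to None."""
    if flow.proto != "udp" or flow.packets == 0:
        return None
    if ipaddress.ip_address(flow.dst) not in RESOLVER_PREFIX:
        return None
    vector = VECTOR_BY_SRC_PORT.get(flow.sport)
    if vector is None or flow.bytes / flow.packets < MIN_AMPLIFIED_BYTES:
        return None
    return vector


def gbps_by_vector(flows, window_secs: float):
    """Aggregate classified bytes per vector over the window, in Gbit/s."""
    total = defaultdict(int)
    for f in flows:
        v = classify(f)
        if v is not None:
            total[v] += f.bytes
    return {v: b * 8 / 1e9 / window_secs for v, b in total.items()}


def flowspec_rule(name: str, dst_prefix: str, sport: int, rate_limit_bytes_per_sec: int) -> str:
    """Render an ExaBGP-style flow route (syntax is this example's assumption) that
    rate-limits one reflection vector toward one victim prefix.
    The guards are the point: a rule without a destination scope, or one that
    could match the router's own control-plane traffic, takes down far more than
    the attack.  Scoping to a real prefix and a UDP reflector port means the rule
    can never match BGP (TCP/179) or the default route."""
    net = ipaddress.ip_network(dst_prefix)
    if net.prefixlen == 0:
        raise ValueError("refusing unscoped Flowspec rule (default route)")
    if sport not in VECTOR_BY_SRC_PORT:
        raise ValueError(f"source port {sport} is not a known UDP reflection vector")
    return (
        "flow {\n"
        f"  route {name} {{\n"
        "    match {\n"
        f"      destination {net};\n"
        "      protocol udp;\n"
        f"      source-port ={sport};\n"
        f"      packet-length >={MIN_AMPLIFIED_BYTES};\n"
        "    }\n"
        "    then {\n"
        f"      rate-limit {rate_limit_bytes_per_sec};\n"
        "    }\n"
        "  }\n"
        "}\n"
    )


# Constructed one-second window.  The reflected volumes are chosen so that DNS and
# LDAP together add up to the 300 Gbit/s peak the NBIP reported; they are not
# measurements from the incident.
SAMPLE_FLOWS = [
    Flow("198.51.100.5", "203.0.113.10", "udp", 53, 33421, 15_000_000_000, 10_000_000),
    Flow("198.51.100.77", "203.0.113.11", "udp", 53, 5123, 10_000_000_000, 7_000_000),
    Flow("192.0.2.9", "203.0.113.10", "udp", 389, 40000, 12_500_000_000, 5_000_000),
    # customer query to the resolver: wrong direction, ignored
    Flow("203.0.113.200", "203.0.113.10", "udp", 51234, 53, 9_000, 100),
    # normal answer back to a customer: right port, but ~120 B per packet
    Flow("203.0.113.10", "203.0.113.200", "udp", 53, 51234, 12_000, 100),
    # DNS over TCP (e.g. a zone transfer) cannot be reflected: ignored
    Flow("198.51.100.5", "203.0.113.10", "tcp", 53, 40001, 1_000_000_000, 700_000),
]

if __name__ == "__main__":
    rates = gbps_by_vector(SAMPLE_FLOWS, window_secs=1.0)
    print(rates)  # {'dns': 200.0, 'ldap': 100.0}
    for port, vector in sorted(VECTOR_BY_SRC_PORT.items()):
        if rates.get(vector, 0) > 1.0:  # Gbit/s trigger threshold, an assumption
            print(flowspec_rule(f"{vector}-ampl-to-resolvers", str(RESOLVER_PREFIX), port, 10_000_000))
```

The classification keys on direction and packet size rather than on port alone, which is what keeps the resolvers' own legitimate answers out of the mitigation. The rate-limit value and the trigger threshold are placeholders; in practice both come from the provider's baseline for that prefix, and the rule should be pushed with a short lifetime so it cannot linger after the attack ends.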
