Cyber Incident Victim: Telstra
Date: Aug 2020
Location: Australia
Summary
A denial-of-service incident disrupted the telecommunications provider's DNS infrastructure, causing internet access failures for customers relying on default configurations. The outage began in the morning and was initially attributed to malicious traffic, prompting mitigation efforts to block the activity before services were restored by early afternoon. Subsequent investigation revealed the disruption stemmed from a DNS issue rather than a deliberate attack. During the incident, the company's status page intermittently returned errors, complicating outage communication. Affected users who manually switched to third-party DNS services regained connectivity earlier. The event occurred amid broader company initiatives to enhance network security through DNS filtering aimed at blocking malware and botnet communications.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 1, 2020, Telstra experienced a significant DNS outage impacting customers across Australia’s east coast, beginning before 10:30 AM local time. Telstra initially characterized the disruption as a denial-of-service (DoS) cyberattack targeting its domain name servers, which prevented customers with default DNS configurations from accessing the internet. Telstra publicly acknowledged the incident via Twitter just before noon, confirming the attack while assuring users their personal information remained secure. Affected customers who manually switched their DNS settings to third-party services like Cloudflare’s 1.1.1.1 regained connectivity, which showed that the outage was confined to Telstra’s DNS infrastructure. Concurrently, Telstra’s own outage status page intermittently returned 502 and 404 errors, making it harder for users to find updates on the incident. By 12:05 PM, Telstra reported progress in blocking malicious traffic, expressing confidence in mitigating the attack and restoring services. The company resolved the issue by 2:27 PM, retracting its initial assessment and attributing the outage to a non-malicious "massive messaging storm" linked to DNS operational issues rather than intentional hostile activity. Telstra issued a public apology for the disruption, acknowledging the impact on weekend plans for residential and business customers reliant on its services.

The incident occurred against the backdrop of Telstra’s ongoing promotion of its "Cleaner Pipes" DNS filtering initiative, launched to proactively block malware, botnet command-and-control communications, and remote access trojans traversing its network. Announced in May 2020, this program aimed to intercept millions of malicious communications daily, purportedly reducing data theft, financial fraud, and device infections for customers lacking robust cybersecurity resources. CEO Andy Penn had positioned Cleaner Pipes as a critical layer of protection complementary to endpoint security solutions, though not a comprehensive substitute. The initiative had gained recognition in Australian cybersecurity policy discussions as a potential model for industry-wide adoption. Telstra’s response to the August outage involved rapid traffic analysis, malicious traffic blocking, and eventual system restoration, though the reversal of its diagnosis from a DoS attack to an internal DNS issue raised questions about initial diagnostic accuracy. The disruption underscored dependencies on carrier-managed DNS services and the effectiveness of manual configuration changes as a workaround during infrastructure failures.
