Cyber Incident Victim: Digi
Date:
Nov 2018
Location:
Cambodia
Summary
Multiple major Cambodian internet service providers, including Digi, experienced severe distributed denial-of-service attacks causing extended downtime and persistent connectivity degradation across their networks. The attacks peaked with nearly 150Gbps of malicious traffic, among the largest ever recorded in the country, resulting in service disruptions lasting up to twelve hours and subsequent intermittent slowdowns throughout the week. While several providers publicly acknowledged the incidents, one faced criticism for relying on external assistance to mitigate the attacks. No threat actors claimed responsibility, and authorities identified no clear motives such as political unrest or financial demands, though industry speculation suggested possible inter-provider sabotage as a contributing factor.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early November 2018, multiple Cambodian internet service providers experienced significant distributed denial-of-service (DDoS) attacks disrupting connectivity nationwide. The attacks began impacting EZECOM, SINET, Telcotech, and Digi around November 5-6, 2018, with peak disruptions occurring on Monday and Tuesday of that week. Users across these ISPs reported persistent difficulties accessing online services throughout the incident period. The attacks reached unprecedented scale within Cambodia, with aggregated traffic volumes peaking at approximately 150 gigabits per second during the initial surge. This caused full outages lasting up to twelve hours for some providers, followed by intermittent service degradation throughout the week as smaller follow-on attacks continued. Internet traffic monitoring charts from the period showed measurable connectivity drops and latency spikes correlating with attack waves.
Affected ISPs implemented varying response measures during the incident. SINET issued an official press release acknowledging technical difficulties and apologizing to customers, though without detailing mitigation strategies. EZECOM, despite being a DDoS mitigation service provider itself, required external assistance to counter the attacks—a response that drew public criticism. No ransom demands or political motivations were publicly connected to the attacks, leaving their origin and purpose officially undetermined. The incident's technical resolution timeline wasn't disclosed, though service disruptions reportedly persisted for multiple days. Local media characterized the event as among the largest cyberattacks in Cambodia's history based on its national impact across multiple telecommunications providers simultaneously.