Cyber Incident Victim: StarHub

Date: Oct 2016

Location: Singapore

Summary

A Singaporean telecommunications provider experienced broadband service disruptions affecting home customers due to malicious distributed denial-of-service (DDoS) attacks targeting its domain name servers. The company mitigated the incidents by filtering unwanted traffic and expanding DNS capacity, restoring services within two hours on both occasions, with no compromise of customer data or impact on other services. Authorities described the attacks as unprecedented in scale and complexity, prompting coordinated investigations and advisories for other telecom operators to strengthen defenses. While competing providers reported no similar anomalies, they heightened vigilance following the incident.

Description

On October 22 and October 24, 2016, Singapore telecommunications provider StarHub experienced two distributed denial-of-service (DDoS) attacks targeting its domain name servers, disrupting home broadband services for some customers. The company identified the incidents as intentional and potentially malicious after analyzing network logs, noting attackers flooded their infrastructure with fabricated traffic to overwhelm systems. Service disruptions occurred during both attacks, but StarHub implemented mitigation measures within two hours each time by filtering unwanted traffic and expanding DNS capacity. The company confirmed no customer data was compromised and emphasized that only home broadband services were affected, with mobile, pay-TV, and other operations remaining functional. StarHub characterized the attacks as unprecedented in scale, nature, and complexity, though specific technical details about attack volume or duration were not disclosed.

StarHub collaborated with Singapore's Cyber Security Agency (CSA) and Infocomm Media Development Authority (IMDA) to investigate the attacks' origin and motivation, though no attribution or source was publicly identified. The incidents occurred shortly after the globally disruptive October 21 DDoS attack on DNS provider Dyn, which involved Mirai malware-infected IoT devices, though StarHub confirmed it did not utilize Dyn's services. In response to the StarHub incidents, CSA and IMDA issued a joint advisory urging all Singapore telecommunications operators to strengthen defenses against similar attacks. Competitors Singapore Telecommunications and M1 reported no abnormal network traffic during the same period but heightened monitoring as a precaution. Service was fully restored following both attacks, with no subsequent disruptions reported in the immediate aftermath.
