[ SB 20.30 ] Global DDoS-Campaign targeting ISPs, correlates with ISC-Bind-vuln (CVE-2020-8620)

A Global DDoS-Campaign against ISPs has been spotted since Aug 27, very often targeting DNS.

Swithak collected these in a Twitter-Thread and counts upo to 14 ISPs/Telcos and Hosting-Provider who had been targeted with mostly DNS-based DDOS-Attacks, starting Aug 27.

We analyzed a random sample of DNS-Infrastructure from some targets and found BIND-DNS-Servers, and we urge any provider to update their DNS-Servers as soon as possible.

isp ddos

The attacks correlates with the latest ISC-Bind - vuln reported by Talos just a week ahead of these attacks, where Talos also talked about an available PoC

Here is a Report from Radware, talking about the same issue: Global Ransom DDoS Campaign Targeting Finance, Travel and E-Commerce

radware ddos


Report by Radware Ransom DDoS Campaign: Circling Back, who spotted the campaign again End of 2020/early 2021


The wave had been seen end of march 2021: 800Gbps DDoS extortion attack hits gambling company



  • The gang had been seen in DACH-Region (Germany, Austria, Switzerland) targetting smaller ISP and Datacenter. src

in germany



We can provide our Luup-Clients with analysis regarding their own infrastructure.

Fragen? Kontakt: info@zero.bs