Google revealed a previously undisclosed DDoS (distributed denial-of-service) attack that happened in September 2017 and targeted Google Service. The attack, which clocked at 2.54 Tbps making it the largest DDoS attack known till date, was mitigated by Google.
In a separate blog post, Google’s Threat Analysis Group (TAG) said that the DDoS attack was carried out by a “state-sponsored threat actor”. Google’s TAG analyses high-end threat groups.
According to TAG researchers, the DDoS attack came from China and had originated from within the network of four Chinese internet providers – ASNs 4134, 4837, 58453, and 9394.
Damian Menscher, a Security Reliability Engineer for Google Cloud, said “the 2.54 Tbps peak was the culmination of a six-month campaign that utilised multiple methods of attacks to hammer Google’s server infrastructure”. However, Menscher did not mention which of Google’s services were targeted.
“The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us,” Menscher said.
“This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier (in 2016),” Menscher added.
This attack was also larger than the 2.3 Tbps DDoS attack that targeted Amazon’s AWS infrastructure in February 2020.
Google had not spoken of this attack for three years but decided to disclose it to raise awareness about an increasing trend of nation-state hacker groups that are abusing DDoS attacks to disrupt targets.
With this revelation, the Google Cloud team also wanted to warn people that DDoS attacks are only going to get more severe in the coming years as internet bandwidth increases.