Nation-state actor hit Google with the largest DDoS attack

Posting ID 127526
Date Added: 10/17/2020 8:38 PM EDT
Date Modified: 10/17/2020 8:38 PM EDT
Watch Floor



In a recently released overview of distributed denial-of-service (DDoS) trends targeting its network, Google revealed that in 2017 a nation-state actor used massive firepower that amounted to more than 2.54 terabits per second, making it the largest known DDoS attack. This is four times larger than the Mirai attack from 2016.

The actor targeted thousands of Google IP addresses simultaneously and employed several methods in a campaign spanning six months. While not directly naming the state responsible, Google stated the bad UDP packets hurled at its systems came from several Chinese Internet Service Providers.

One of Google’s engineers stated the attack occurred around September 2017 and used 180,000 exposed servers of various types to amplify responses aimed at Google. Google reports its systems were able to withstand the attack.

In the same report, Google reported that it had been hit with 33,000 known state-sponsored attacks in the first three quarters of 2020.

Impact Statement/Analysis:

This disclosure demonstrated that state-sponsored cyber attacks have the capacity to be more devastating than those conducted by individuals or groups. While the culprit of this particular attack was likely China, who have far and away the greatest resources to mount such an effort; they are not the only potentially hostile cyber actor who could execute an attack of this magnitude.

As hostile actors continue to refine their tactics and improve their capabilities, it becomes more likely a successful attack could take down Google or another large entity. Any compromise of Google would expose all of their private and corporate users to indefinite disruption and loss of personal and trade information. Similarly severe damage is likely upon a successful attack aimed at any other corporate web service, which could affect NERC clients, government entities, and the supply chain.

Category Type:
Cyber Security
TLP - White
Shared Count (15)
  • Canadian CERTs
  • CRISP - Cyber Risk Info Sharing Program
  • DOE Complex
  • E-ISAC AOO Members
  • E-ISAC Staff
  • FBI, LE Fusion
  • FERC - OEIS, etc
  • International (other ISACs, CERTs)
  • Other (inc. local/state commissions)
  • Trade Organizations
  • Watch Floor