Telstra “Attack” Not Malicious – Actually DNS Issue

Telstra initially believed it was the victim of a “malicious” cyber-attack last week, but it turned out that the issue was a domain name server issue. 

Wide-spread internet outages were experienced by Telstra customers on Sunday 2 August. The issue created connectivity issues for home internet users. Customers in Sydney, Melbourne, and Brisbane were the worst affected. 

Even the Telstra outages website was down during the incident. 

The company initially believed that it was the victim of a denial of service cyberattack. A denial of service attack is when a network is flooded with traffic and information which leads to a bottleneck, which then blocks legitimate users access to the network. 

Much of Australia has been on high alert after the Prime Minister, Scott Morrison, stated that the country’s computer systems had been the target of a “sophisticated state-based actor” in June. 

Once Telstra resolved the issue they announced that they had blocked “the malicious traffic” and that users personal data was safe. 

However, they later admitted that the outage was actually due to something other than a cyberattack.  

“The massive messaging storm that presented as a denial of service cyber attack has been investigated by our security teams and we now believe that it was not malicious, but a domain name server issue.”

It turns out the “malicious traffic” was just a mass of customer requests that created an issue with its DNS. Described as a “massive messaging storm”, the company then apologized for “getting in the way of your weekend plans”. 

The incident was reminiscent of when the MyGov website crashed in March due to what they thought was a “distributed server attack on [its] main channels” which turned out to just be an unprecedented number of attempts to sign-up for Centrelink payments when the pandemic hit.