Russia-linked group hits ProtonMail with major DDoS attack taking down its email service
- ProtonMail suffered intermittent outages for several hours with each lasting a few minutes.
- A hacker group named Apophis Squad that claims to have ties to Russia took to Twitter to brag about the attack and taunt ProtonMail users.
ProtonMail was hit with a massive distributed denial-of-service attack that briefly took down its email service. The company confirmed that its network was under a "sustained attack" traced back to a group claiming to have ties to Russia. The DDoS attack resulted in hours worth of sporadic outages and email delays.
Although the attack lasted several hours, the outages were brief and lasted a few minutes minutes. The longest outage lasted about 10 minutes. The service has since been restored and all queued emails have been delivered.
"Our network was hit by a DDoS attack that was unlike the more 'generic' DDoS attacks that we deal with on a daily basis," ProtonMail said in a statement on Reddit. "As a result our upstream DDoS protection service (Radware) needed more time than usual to perform mitigation.
"Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future. While we don't yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS's on record."
A group named Apophis Squad with supposed ties to Russia claimed responsibility for the ProtonMail attack on Twitter. It also proceeded to taunt both ProtonMail CTO Bart Butler and other ProtonMail users as well.
The company said there was no data breach and no emails were lost or compromised in the attack.
DDoS attacks on the rise
The DDoS attack comes after a new report from security firm Akamai revealed a 16% increase in the number of DDoS attacks recorded since 2017. The largest DDoS of the year was recorded at 1.35 Tbps that used a memcached reflector attack.
Researchers also noted that the sophistication and frequency of DDoS attacks has also been rising with hackers increasingly opting for reflection-based DDoS attacks and application-layer attacks such as SQL injection or cross-site scripting.
During the DDoS attack, ProtonMail founder Andy Yen told TechCrunch that it was "multi-vector" with the attackers "dynamically changing the type of attack traffic they are sending at us, so it's a higher level of sophistication than the usual ones.
"The reason behind these attacks is always hard to know for sure. For instance, a lot of times, the stated reason is a cover for the actual reason."