This week the Google Cloud team told about a previously unknown DDoS attack that targeted a Google service back in September 2017 and peaked at 2.54 TB / s, making it the most powerful attack ever recorded.
Soon analysts from Google Threat Analysis Group (TAG) published your reportdedicated to the incident, in which it was said that the responsibility for this attack lay with "government hackers". According to TAG, the attack came from China, from the networks of four specific providers: ASN 4134, 4837, 58453, and 9394.
The researchers write that 2.54 TB / sec was the culmination of a long six-month campaign against Google, during which attackers used various attack methods and tried to undermine the company's server infrastructure. It was not reported which services the hackers were targeting.
“Attackers used multiple networks to spoof 167 million packets per second on 180,000 open CLDAP, DNS and SMTP servers, which would then send huge responses to us,” wrote Google engineers. "This demonstrates the scale that well-resourced criminals can achieve: four times the record 623 Gbps attack carried out by the Mirai botnet a year earlier (in 2016)."
It is also worth noting that the incident described by Google surpasses even the attack on Amazon AWS that occurred in February of this 2020, the capacity of which was 2.3 TB / sec. That is, the record for DDoS attacks has once again been broken.
Google experts explain that for a number of reasons they kept the incident secret for several years, but now they decided to make the incident public. The fact is that the Google TAG team wanted to draw attention to the increasing incidence of DDoS attacks from government hackers, as well as to the fact that as the Internet develops, the number and power of such attacks will only continue to increase.