Telegram App Targeted in DDoS Cyberattack

An DDoS attack aimed at slowing connectivity for the Telegram app took place this week. The cyberattack coincided with large protests in Hong Kong, and with most of the IP addresses coming from China, it is speculated that they were involved in the attack.

• By Kaitlyn DeHaven
• Jun 14, 2019

The Telegram messaging app was overloaded by a DDoS cyberattack this week. The attack was performed in order to flood the app with so much traffic that it slowed users’ connectivity – it was not an attempt to steal users’ data.

The attack coincided with large protests in Hong Kong over an extradition bill with China. Many of the protesters were said to have been communicating over the Telegram app, as there are ways to encrypt messages end-to-end to ensure privacy. Because of this strenuous encryption, the app has been used in terrorist attacks as communication previously, and was the subject of an Iranian government controversy last year.

Pavel Durov, the founder of Telegram, said in a tweet that the IP addresses mostly came from China and consisted of 200-400 Gb/s of clutter.

“Historically, all state actor-sized (attacks) we experienced coincided in time with protests in Hong Kong,” Durov said. “This case was not an exception.”

The attack did not only affect Asia though, but any country that was using the app. The company said in a tweet that the Americas and some users from other countries may experience connection issues.

Paul Bischoff, a privacy advocate at Comparitech.com, said that Durov has good reason to suspect China is the reason for this DDoS attack.

“Telegram CEO Pavel Durov isn’t crazy for suspecting the Chinese government is targeting Telegram,” Bischoff said. “It wouldn’t be the first time that China has weaponized botnets – a group of computers that can be controlled from a single command and control point – to target websites with DDoS attacks.”

Bischoff said in 2015, the largest DDoS attack in history up to that point was attributed to China. The attack was aimed at two censorship circumvention tools hosted on the Github site.