Tens of millions of IP addresses were used to take down popular websites like Twitter, Spotify and Netflix on Friday by so far unknown sources. The DDoS attack on the DynDNS started on Friday morning, but the service was restored around 9:30 AM ET. However, around Friday noon, another attack began. Service was restored at approximately 1:00 PM ET same day, but many users had reported they had issues with certain websites.
Dyn reported there was an attempt of a third attack wave, but the were able to successfully mitigate it without customer impact.
Dyn issued a statement saying they are continuing their investigation.
At this point, we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough cause and forensic analysis and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.
According to DownDetector's outage map, the DDoS attack primarily targeted US users.