Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet

Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.

A massive Minecraft tournament styled after the Netflix blockbuster Squid Game (known, of course, as “SquidCraft”) apparently inspired a distributed denial of service (DDoS) attack that took down the sole (and state-owned) internet service provider in Andorra.

Internet-freedom monitoring company Netblocks confirmed the link between the attacks and the tournament in a Jan. 22 Tweet.

The SquidCraft Games kicked off on Jan. 19 with hosts Spanish streamers Rubius and Auronplay, who created the Squidcraft Games mode in Minecraft.

Open to Spanish-speaking gamers in Europe and Latin America, more than 150 streamers competed for the $100,000 prize during the six-day event, which attracted more than 2 million viewers to Twitch Rivals — the largest audience ever on the platform.

Infosec Insiders Newsletter

It’s unclear why the attackers would target Andorra, a sovereign microstate on the Iberian peninsula. But in any event, the attacks, which were ongoing for four days, had the intended effect of forcing at least a dozen players located in Andorra to leave the tournament, according to The Record. The outlet reported that DDoS flows reached 10Gbps during certain bursts, and that the traffic seemed to be coming from a known DDoS-for-hire service.

Auron was one popular player who was forced to announce his exit from Squidcraft Games on Jan. 22:

Other Andorra-based players knocked out of Squidcraft Games competition included E1Rubis, Biyin, TheGregfg, TaeSchnee, VioletaG, Aroyitt, 8cho and TinenQa, according to Today in 24.

DDoS Attacks on Gaming

DDoS attacks are unfortunately popular on gaming platforms.

A pair of Apex Legends players were banned from the game last spring after launching DDoS attacks on an Xbox server. And around the same time a new botnet called “Simps” emerged throughout underground marketplaces with the ability to launch DDoS attacks on gaming targets using Internet-of-Things (IoT) nodes.

The difference with the Squidcraft Games DDoS attack is the scale of collateral damage.

The state-owned Andorra Telecom has just more than 80,000 Internet subscribers. The country’s entire population is only about 85,000 people, so when service was taken down it crippled much of the Andorra’s society along with the handful of targeted gamers.

Check out our free upcoming live and on-demand online town halls – unique, dynamic discussions with cybersecurity experts and the Threatpost community.

Suggested articles