
Orange Polska successfully mitigated the largest Distributed Denial-of-Service (DDoS) attack in its history, which peaked at 1.5 terabits per second on December 24, 2025.
Occurring on Christmas Eve, a time when network traffic is naturally elevated and security teams are often operating with reduced staffing, the assault exploited the lowered defensive posture to maximize disruption.
Despite the volume, the target was a single IP address, suggesting the attacker's goal may not have been to disrupt enterprise infrastructure directly but rather to incapacitate a specific user or service behind that address. This approach underscores the evolving threat landscape, where even individual users lacking public-facing services can become the focus of terabit-scale attacks.
From a technical standpoint, the event was a multi-vector volumetric DDoS operation. Orange's security team identified the concurrent use of several techniques, including IP Fragmentation, DNS Flood, UDP Flood, NetBIOS Amplification, and a Total Traffic Flood. These were designed to saturate available bandwidth and exhaust mitigation resources. The packet rate reached 134.5 million packets per second (Mpps), placing it firmly in the hyper-volumetric category.
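A defender-side sketch of how the vectors named above can be separated in flow telemetry aimed at a single destination. This is an added example, not Orange's tooling: the port heuristics, the thresholds, the function names and the flow records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records, not data from the incident:
# (dst_ip, proto, src_port, dst_port, is_fragment, packets, bytes)
FLOWS = [
    ("203.0.113.7", "udp", 137, 40112, False, 900_000, 180_000_000),
    ("203.0.113.7", "udp", 53, 51000, False, 1_200_000, 1_500_000_000),
    ("203.0.113.7", "udp", 0, 0, True, 2_000_000, 2_800_000_000),
    ("203.0.113.7", "udp", 44321, 9999, False, 3_000_000, 3_900_000_000),
    ("198.51.100.20", "udp", 53, 33000, False, 4_000, 600_000),
    ("198.51.100.20", "tcp", 443, 52000, False, 90_000, 120_000_000),
]

def classify(proto, src_port, dst_port, is_fragment):
    """Label one flow with a vector name (assumed heuristics)."""
    if is_fragment:
        return "ip_fragmentation"       # non-first fragments carry no L4 ports
    if proto == "udp" and 137 in (src_port, dst_port):
        return "netbios_amplification"  # NetBIOS name service runs on UDP/137
    if proto == "udp" and 53 in (src_port, dst_port):
        return "dns_flood"
    if proto == "udp":
        return "udp_flood"
    return "other"

def detect_multivector(flows, interval_s, min_vector_pps, min_vectors=2):
    """Return destinations hit by >= min_vectors concurrent vectors."""
    per_dst = defaultdict(lambda: defaultdict(int))
    totals = defaultdict(lambda: [0, 0])            # dst -> [packets, bytes]
    for dst, proto, sport, dport, frag, pkts, nbytes in flows:
        per_dst[dst][classify(proto, sport, dport, frag)] += pkts
        totals[dst][0] += pkts
        totals[dst][1] += nbytes
    alerts = {}
    for dst, vectors in per_dst.items():
        active = sorted(v for v, pkts in vectors.items()
                        if v != "other" and pkts / interval_s >= min_vector_pps)
        if len(active) >= min_vectors:
            alerts[dst] = {
                "vectors": active,
                "pps": totals[dst][0] / interval_s,      # total packet rate
                "bps": totals[dst][1] * 8 / interval_s,  # total bit rate
            }
    return alerts

if __name__ == "__main__":
    for dst, info in detect_multivector(FLOWS, 10, 50_000).items():
        print(dst, info)
```

Reporting both the packet rate and the bit rate per destination matters because the two exhaust different resources: bandwidth for the latter, per-packet processing in mitigation gear for the former.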

Orange Polska is one of the largest telecommunications providers in Poland, serving millions of consumers and businesses with fixed-line, mobile, and internet services. It is part of the wider Orange Group, a multinational telecom conglomerate operating in 26 countries.
This attack comes on the heels of other major cyber incidents involving Orange Group. In July 2025, Orange France suffered a cyberattack that disrupted business operations. Just weeks later, Orange Belgium reported a data breach affecting 850,000 customers, with exposed metadata raising concerns about SIM swap risks. These incidents, while varied in nature, reflect a broader trend of coordinated, high-impact cyber operations targeting European telecom infrastructure.
While the 1.5 Tbps figure is dwarfed by the Aisuru botnet's record-setting 29.7 Tbps DDoS attack reported by Cloudflare in October 2025, the Orange Polska case demonstrates how such tactics are now being deployed at scale within national networks.
The impact on end users during the Orange Polska attack was negligible: services remained operational, and no customer disruptions were reported. This indicates that Orange's DDoS defense architecture, likely involving automated mitigation systems and layered traffic filtering, functioned as intended. Still, Orange warned against complacency, highlighting that DDoS attacks leave no forensic trail on targeted systems and are often underestimated precisely because well-executed mitigations obscure their impact.