After Bluesky, Mastodon Targeted in DDoS Attack
The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours.
Aggregated from SecurityWeek
This article was automatically aggregated from an external source. Content may be summarized.
Full Analysis
Following a similar assault on Bluesky just days prior, the decentralized social media platform Mastodon has also been targeted in a major distributed denial-of-service (DDoS) attack.
The attack targeted Mastodon.social, the flagship Mastodon server, and caused what the organization classified as a ‘major outage’.
According to the Mastodon status page, the DDoS attack started on April 20 at around 1 PM, and by 4 PM mitigations were rolled out and the site became accessible.
An update shared on April 21 at 11 AM showed that the attack stopped and operations had returned to normal.
The DDoS attack came just days after Bluesky, a similar social media platform, was disrupted by what it described as a sophisticated attack.
A threat actor called 313 Team, which claims to be a pro-Iran hacktivist group, took responsibility for the attack, but their claims have not been verified.
No one appears to have taken credit publicly for the attack on Mastodon.
Advertisement. Scroll to continue reading.
Both Mastodon and Bluesky surged in popularity following Elon Musk’s acquisition of X (formerly Twitter), positioning themselves as decentralized refuges from top-down control, unpredictable algorithms, and erratic moderation.
Related: Critical Vulnerability Can Allow Takeover of Mastodon Servers
Related: 53 DDoS Domains Taken Down by Law Enforcement
Related: German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.
Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.
Originally published by SecurityWeek
Original Source
SecurityWeek