Skip to content

CLOUDFLARE 2026-04-28 Tier 1

Read original ↗

Cloudflare — Shutdowns, power outages, and conflict: a review of Q1 2026 Internet disruptions

Summary

Cloudflare Radar's quarterly review of observed and confirmed Q1 2026 Internet disruptions, as published by the Radar team on 2026-04-28. Unlike the average quarter, Q1 2026 is dominated by government-directed shutdowns (prolonged nationwide blackouts in Uganda and Iran — the latter one of the longest sustained Internet disruptions in recent years) and by the first publicly disclosed kinetic strikes on hyperscaler cloud infrastructure: drones hit two AWS availability-zone-backing data centers in the United Arab Emirates (the me-central-1 region) on March 1 and a Bahrain facility ( me-south-1) the following day, with an additional me-south-1 disruption on March 23. Three separate collapses of Cuba's national electrical grid in March caused repeated connectivity loss. Other events covered: the Republic of Congo's third consecutive election- linked blackout (2016 / 2021 / 2026); Russian attacks on Ukrainian energy infrastructure on January 7-8 and January 26; power outages in Buenos Aires (heatwave), Paraguay, the Dominican Republic, Moldova (via the Ukraine grid), and the U.S. Virgin Islands; Storm Kristin in Portugal; a West Africa Cable System (WACS) incident in the Republic of Congo; a Verizon Wireless software failure; and smaller disruptions at Flow Grenada, Orange Guinée, and TalkTalk. Canonical wiki instance of Cloudflare's recurring quarterly-internet-disruption-review shape (sibling to earlier Q1 2025, Q3 2025, and Q4 2024 reviews).

Key takeaways

  1. Government-directed shutdowns inverted a one-year trend. Q1 2025 had no observed government-directed shutdowns; Q1 2026 had two prolonged nationwide blackouts (Uganda, Iran) plus a third shorter election-linked shutdown in the Republic of Congo. Verbatim: "government-directed shutdowns figured prominently... a stark contrast to the lack of observed government-directed shutdowns in the same quarter a year prior." Canonical instance of concepts/government-directed-internet-shutdown.
  2. Uganda: pre-election nationwide shutdown via mobile- operator suspension. The Uganda Communications Commission ordered mobile network operators to suspend public Internet access from 18:00 local (15:00 UTC) on January 13, two days before the January 15 presidential election. Domestic traffic at the Uganda Internet Exchange Point (UIXP) dropped from ~72 Gbps to ~1 Gbps. Partial restoration followed the incumbent president's declared win at 23:00 local on January 17; full restoration announced January 26. Prior instance: Uganda's 2021 election shutdown. Canonical instance of concepts/election-related-shutdown.
  3. Iran: two nationwide shutdowns, one still active at quarter- end. First shutdown began around 20:00 local (16:30 UTC) on January 8; traffic returned briefly on January 21 and January 25 before recovering more aggressively January 27. Second shutdown began 10:30 local (07:00 UTC) on February 28 as military strikes escalated. Traffic fell to well under 1% of previous levels, with only "small amounts of Web and DNS traffic" egressing. The second shutdown was effectively achieved through aggressive filtering
  4. "'whitelists' and 'white SIM cards' restricting access to only approved Internet sites by selected users" — the canonical wiki instance of concepts/whitelist-internet-access. As of late April, this shutdown remains largely in place, making it one of the longest sustained Internet disruptions observed in recent years.
  5. IPv6 withdrawal as leading indicator of national shutdown. Several hours before traffic dropped on January 8, Iran's announced IPv6 address space collapsed — Asiatech (AS43754) lost 4.46 million /48-equivalents (~9.4% of Iran's IPv6 space on its own), RASANA (AS31549) lost 4.19 million (~8.8%). IPv4 space stayed largely constant, indicating the second shutdown was implemented by filtering, not route withdrawal. Canonical instance of concepts/ipv6-withdrawal-as-shutdown-signal.
  6. First publicly-disclosed kinetic strikes on hyperscaler cloud infrastructure. On March 1 (UTC) Amazon reported a fire at a UAE data center; the next day confirmed two me-central-1 (UAE) facilities were "directly struck" by drones and a me-south-1 (Bahrain) facility was damaged by a nearby strike. Cloudflare Cloud Observatory data showed elevated connection failure rates in both regions starting March 1-2 and remaining elevated for multiple days. AWS Health Dashboard message verbatim: "These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage." AWS explicitly urged customers with workloads in affected regions to back up data or migrate to other AWS regions. A second me-south-1 disruption followed drone activity on March 23. Canonical wiki instance of concepts/kinetic-attack-on-cloud-infrastructure.
  7. Cuba suffered three separate national-grid collapses in March. March 4 (western half of the island including Havana; recovery by 05:01 local March 5); March 16 (entire National Electric Power System disconnected, ~30-hour disruption); March 21-22 (second complete collapse in one week, traffic −77% vs prior week, recovery at 21:39 local March 22). Prior instances in September 2025, March 2025, October 2024 — "reflecting the severe deterioration of the country's electrical infrastructure."
  8. Ukrainian energy infrastructure under sustained military attack. January 7-8: Russian strikes on Dnipro power infrastructure cut traffic ~50% below prior-week levels in Dnipropetrovsk. January 26: drone and missile attack on Kharkiv energy infrastructure cut traffic ~50%. January 31: a cascading grid failure between Romania, Moldova, and western/central Ukraine (triggered by simultaneous 400kV + 750kV line failures at 08:42 UTC) cut traffic in Moldova, Kyiv, and Kharkiv by as much as 46% below prior week.
  9. Submarine cable incident plus other "unknown cause" outages. January 2-4: WACS (West Africa Cable System) incident cut Republic of Congo traffic 82% below expected; Congo Telecom activated backup solutions. February 9-10: ~12-hour island-wide Flow Grenada disruption with complete loss of announced IPv4 space — likely routing-related. January 6: Orange Guinée "exceptional breakdown" (phone + Internet) lasting ~3 hours. March 25: TalkTalk (UK) dropped ~50% for ~75 minutes, no disclosed root cause.
  10. Redundancy asymmetry at the island level. U.S. Virgin Islands: VI Powernet (AS14434) dropped to near-zero after Richmond Power Plant generation loss + underground cable damage on March 24, but St. Thomas only lost ~60% of its traffic and St. Croix only ~40%, "due to the presence of other providers." Canonical instance of patterns/redundant-isp-absorption-of-partial-outage.
  11. Verizon Wireless: software issue cut voice + data for U.S. subscribers. Started 12:30 ET January 14; resolved by 22:15 ET (03:15 UTC January 15). Contrast with outages caused by external physical damage or deliberate policy — this one was an internal software issue in a mobile carrier at national scale.

Operational numbers

  • Uganda UIXP domestic traffic: ~72 Gbps → ~1 Gbps during shutdown.
  • Iran second shutdown: <1% of previous traffic levels; IPv4 announcements stable; IPv6 effectively zero.
  • Asiatech (AS43754) IPv6 loss: 4.46 million /48-equivalents (~9.4% of Iran).
  • RASANA (AS31549) IPv6 loss: 4.19 million /48-equivalents (~8.8% of Iran).
  • Republic of Congo March 15 election shutdown: traffic near-zero for ~60 hours.
  • Cuba March 16 collapse: traffic ~65% below prior week, disruption >30 hours.
  • Cuba March 21-22 collapse: traffic ~77% below prior week.
  • Paraguay February 18 grid failure: traffic ~72% below prior week, duration ~3 hours.
  • Moldova + Ukraine January 31: traffic ~46% below prior week.
  • Portugal Storm Kristin: traffic ~70% below in Leiria, ~52% in Coimbra; >850,000 E-Redes customers without electricity at peak; >290,000 still without power January 30; >6,000 customers still without electricity >3 weeks after the storm.
  • Republic of Congo WACS cable incident: traffic ~82% below expected levels; ~15-hour full outage.
  • U.S. Virgin Islands: VI Powernet (AS14434) near-zero; St. Thomas ~60% drop; St. Croix ~40% drop.

Caveats

  • Not exhaustive. The post is explicit: "This post is intended as a summary overview of observed and confirmed disruptions and is not an exhaustive or complete list of issues that have occurred during the quarter."
  • Cloudflare-vantage-point bias. Traffic metrics reflect what Cloudflare's edge saw — shifts in the share of regional traffic reaching Cloudflare could confound absolute-loss estimates.
  • No architectural mitigation claims. Unlike incident post-mortems, this review describes what happened without disclosing Cloudflare's own defensive response; the kinetic strikes on AWS receive Cloud Observatory impact data but no discussion of downstream Cloudflare customer impact.
  • Attribution for UK/Grenada/Guinea outages remains unknown. The root-cause framing is "unknown issues" for TalkTalk and Flow Grenada; Orange Guinée disclosed only "exceptional breakdown."
  • No drone-strike attribution specifics. The post ties the UAE / Bahrain strikes to "the ongoing regional conflict" without naming state or non-state actors.
  • No numbers on the Iran whitelist cohort. The filtering
  • whitelist mechanism is described qualitatively but the number of approved sites, approved users, or SIM cards is not disclosed.

Source

Last updated · 427 distilled / 1,229 read