Internet connectivity in Afghanistan is gradually returning after a two-day nationwide blackout. Independent observers at NetBlocks and Cloudflare Radar recorded a staged recovery in network availability, while local broadcaster TOLOnews reported that “all telecommunications networks have resumed operations.” Authorities attributed the outage to aging fiber-optic infrastructure requiring replacement.
Timeline of the Afghanistan Internet Shutdown
On 29 September 2025, Afghanistan experienced a full internet shutdown. Telemetry from NetBlocks and Cloudflare indicated provider-by-provider disconnections, coinciding with disruptions to voice services. For weeks prior, regional restrictions had been introduced: mid-September saw fiber connectivity curtailed across northern and eastern provinces including Balkh, Baghlan, Badakhshan, Kunduz, Nangarhar, and Takhar, publicly framed as morality-related enforcement. These local measures progressively widened in scope before the nationwide blackout.
What NetBlocks and Cloudflare Data Reveal
Network monitoring platforms track availability by observing traffic flows and routing at the autonomous system (AS) level. During the blackout, analysts noted sharp, synchronous drops in inbound and outbound traffic, correlated timestamps across multiple ASNs, and a stepwise pattern of disconnections. This profile is characteristic of managed network restrictions rather than isolated fiber cuts or power failures, which typically present as geographically bounded incidents with uneven recovery dynamics.
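The distinction drawn above can be expressed as a small classifier over per-network traffic series. This is an added illustration, not the methodology used by NetBlocks or Cloudflare Radar: the thresholds, region labels and sample data are constructed, and the AS numbers come from the range reserved for documentation.

```python
THRESHOLD = 0.2  # assumed: below 20% of baseline counts as "down"
HOLD = 3         # assumed: must stay down for 3 consecutive bins

def outage_onset(series, threshold=THRESHOLD, hold=HOLD):
    """Index of the first bin that starts a sustained drop, or None."""
    for i in range(len(series) - hold + 1):
        if all(v < threshold for v in series[i:i + hold]):
            return i
    return None

def is_sharp(series, onset, min_fall=0.5):
    """True if traffic fell by at least min_fall of baseline within one bin."""
    return onset > 0 and series[onset - 1] - series[onset] >= min_fall

def classify(networks):
    """networks: {asn: {"region": str, "traffic": [fraction of baseline]}}"""
    onsets = {a: outage_onset(n["traffic"]) for a, n in networks.items()}
    down = {a: o for a, o in onsets.items() if o is not None}
    if not down:
        return {"verdict": "no-outage", "onsets": onsets}
    coverage = len(down) / len(networks)             # share of ASNs affected
    regions = {networks[a]["region"] for a in down}  # geographic spread
    sharp = all(is_sharp(networks[a]["traffic"], o) for a, o in down.items())
    steps = sorted(set(down.values()))               # distinct onset bins
    verdict = "inconclusive"
    if coverage >= 0.8 and len(regions) > 1 and sharp:
        verdict = "coordinated"   # sharp, near-total, multi-region, in steps
    elif len(regions) == 1 and coverage < 0.5:
        verdict = "localized"     # bounded to one region, most ASNs unaffected
    return {"verdict": verdict, "coverage": coverage, "steps": steps, "onsets": onsets}

# Constructed samples: traffic per 10-minute bin as a fraction of baseline.
SHUTDOWN = {
    "AS64496": {"region": "north",   "traffic": [1.0, 0.98] + [0.03] * 8},
    "AS64497": {"region": "east",    "traffic": [0.99, 1.0] + [0.02] * 8},
    "AS64498": {"region": "capital", "traffic": [1.0] * 4 + [0.04] * 6},
    "AS64499": {"region": "south",   "traffic": [0.97] * 4 + [0.01] * 6},
    "AS64500": {"region": "capital", "traffic": [1.0] * 6 + [0.02] * 4},
}
FIBER_CUT = {
    "AS64496": {"region": "north",   "traffic": [1.0, 0.7, 0.4, 0.15, 0.1, 0.12, 0.1, 0.1, 0.3, 0.6]},
    "AS64497": {"region": "north",   "traffic": [1.0, 0.9, 0.6, 0.55, 0.6, 0.7, 0.8, 0.9, 0.9, 1.0]},
    "AS64498": {"region": "capital", "traffic": [1.0] * 10},
    "AS64499": {"region": "south",   "traffic": [0.98] * 10},
    "AS64500": {"region": "east",    "traffic": [1.0] * 10},
}
if __name__ == "__main__":
    for name, sample in (("shutdown", SHUTDOWN), ("fiber cut", FIBER_CUT)):
        print(name, classify(sample))
```

The `steps` list exposes the stepwise pattern: in the constructed shutdown sample, networks go dark in three distinct waves, while the fiber-cut sample shows one network in one region degrading gradually.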
Technical Explanation: Aging Fiber vs. Policy Controls
Officials cited degraded backbone fiber and replacement work as the cause. While fiber aging and node failures do occur, they usually manifest as localized packet loss, latency spikes, or partial service degradation—not near-simultaneous outages across numerous operators. Planned backbone upgrades are commonly executed in maintenance windows with staged rerouting to minimize downtime.
By contrast, centralized measures can include BGP route withdrawals or filtering, disabling internet exchange points (IXPs), wide-scale DPI-based throttling, DNS resolver blocking, or operator-level traffic filtering. The observed phased shutdown and concurrent voice issues align with operator-driven controls, though no comprehensive technical postmortem has been published.
Social Context and Current Status
NetBlocks reported partial restoration “amid protests triggered by the nationwide communications blackout.” Al Jazeera quoted Taliban representatives denying a nationwide ban and reiterating the fiber replacement narrative. As of publication, TOLOnews states telecom networks have resumed service, but the stability of connectivity and completeness of service restoration require continued monitoring.
Cybersecurity and Economic Impact
Nationwide outages disrupt critical sectors—finance, healthcare, logistics, and energy—by impeding transactions, clinical coordination, and operational planning. For cybersecurity teams, blackouts create monitoring blind spots, delay security telemetry and patch distribution, complicate incident response, and increase the likelihood of local attacks in disconnected environments.
Historical data underscores these risks. During the 2019 Iran nationwide shutdown, NetBlocks measured connectivity collapsing to roughly 5–7% of normal levels, severely impacting commerce and reporting. In Pakistan (2024), mobile internet suspensions disrupted fintech services and authentication dependent on OTPs and push notifications. These examples illustrate how connectivity controls cascade into both economic loss and elevated cyber risk.
Recommendations: Building Cyber Resilience Against Internet Blackouts
Diversify connectivity paths: Multi-homing with distinct ISPs, SD-WAN for automatic failover and prioritization of critical traffic, and contingency links via satellite or microwave where feasible.
Harden name resolution: Operate local recursive DNS resolvers with caching, pre-load critical zones, and apply split-horizon policies to maintain internal services during external DNS disruptions.
Plan out-of-band communications: Establish pre-agreed offline runbooks, secure messengers with store-and-forward capability, and radio or satellite channels for incident command when IP links degrade.
Enhance monitoring and situational awareness: Track third-party telemetry through NetBlocks and Cloudflare Radar; run active probes from external vantage points; maintain up-to-date dependency maps for critical services.
Exercise blackout scenarios: Conduct tabletop and red-team drills for prolonged outages; stage local repositories for patches and signatures; enforce policies that prioritize safety-critical updates over bandwidth-intensive tasks.
Large-scale connectivity controls in Afghanistan highlight systemic exposure to internet blackouts—regardless of whether the proximate cause is infrastructure failure or administrative intervention. Organizations should invest in network redundancy, offline-ready procedures, and transparent monitoring. Continuously track independent telemetry, validate business continuity plans, and rehearse response playbooks to reduce downtime and security risk during future incidents.