To do that, the attackers interrupted and modified victims DNS requests and redirected them to malicious IP addresses.
Once the ISP rebooted, it took specific web connection components offline, which immediately stopped the DNS poisoning.
source: www.techworm.net
