Cyber Incident Victim: Czech Republic
Date:
Jan 2023
Location:
Czechia
Summary
A distributed denial-of-service (DDoS) attack targeted Czech presidential candidates' campaign websites, causing intermittent outages and accessibility issues for users. The attack, attributed to Russian-aligned hacker group NoName057, overwhelmed the sites with traffic from multiple European IP addresses. The group claimed responsibility via Telegram, citing opposition to Ukrainian military training in the Czech Republic and aiming to disrupt the upcoming presidential election. NoName057 specializes in politically motivated cyberattacks against European government and critical infrastructure targets, having previously targeted Polish and Danish entities. Czech cybersecurity authorities acknowledged multiple election-related DDoS incidents and confirmed collaboration with affected parties, though declined to disclose specific operational details about the ongoing attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 13, 2023, the campaign websites of Czech presidential candidates Petr Pavel and Tomáš Zima experienced significant distributed denial-of-service (DDoS) attacks. Pavel's website became inaccessible to some users starting Friday morning due to overwhelming traffic originating from multiple IP addresses across Europe. While service was partially restored, intermittent outages persisted as attacks continued throughout the day. Zima's campaign simultaneously reported similar disruptions, characterizing this incident as more severe than a previous mid-week attack on their digital infrastructure. Both campaigns worked with technical teams to maintain operational status despite ongoing bombardment. The attacks specifically targeted website availability through standard DDoS methodology—flooding servers with excessive requests to trigger service degradation rather than attempting system infiltration or data compromise.
The Russian-aligned hacking collective NoName057(16) claimed responsibility via Telegram, explicitly linking their actions to Czech military training provided to Ukrainian forces at the Libavá base and the upcoming presidential elections. This group, active since March 2022 following Russia's invasion of Ukraine, previously targeted Polish government websites and Danish financial institutions. The Czech National Office for Cyber and Information Security (NÚKIB) confirmed observing multiple election-related DDoS incidents but declined operational specifics, noting coordination with affected entities. NoName057(16)'s statement framed the attacks as political retaliation against perceived Western involvement in the Ukraine conflict, exploiting the electoral context to amplify disruptive impact. Service restoration efforts remained ongoing at the time of reporting, with both campaigns prioritizing availability maintenance amid sustained malicious traffic.