Cyber Incident Victim: European Parliament
Date:
Nov 2022
Location:
Belgium
Summary
A pro-Kremlin hacktivist group claimed responsibility for a distributed denial-of-service (DDoS) attack that temporarily disrupted the European Parliament's website, rendering it unavailable for several hours. The incident occurred shortly after the institution designated Russia as a state sponsor of terrorism, with the attackers explicitly linking their actions to the resolution. IT teams successfully mitigated the attack, restoring normal operations within approximately two hours. The group involved, identified as Anonymous Russia under the Killnet collective, has a history of targeting entities opposing Russian interests, though such DDoS attacks typically cause limited disruption by overwhelming public-facing infrastructure rather than compromising core systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 23, 2022, the European Parliament’s public website experienced a significant distributed denial-of-service (DDoS) attack that rendered it inaccessible for approximately two hours. The outage began in the afternoon Central European Time, with service restored around 1700 GMT. European Parliament President Roberta Metsola publicly attributed the attack to a "pro-Kremlin" group via Twitter shortly after the website went offline, linking the incident directly to the Parliament’s earlier resolution declaring Russia a state sponsor of terrorism. The Parliament’s Director General for Communication, Jaume Duch, confirmed the technical cause as abnormally high external network traffic overwhelming the site’s infrastructure. IT teams responded immediately to mitigate the attack, implementing countermeasures to restore access while maintaining the integrity of internal systems. No data breaches or compromises of sensitive parliamentary systems were reported, consistent with the typical limited impact of DDoS operations targeting public-facing web assets.
The attack occurred hours after the European Parliament adopted a resolution condemning Russia’s military actions in Ukraine, particularly attacks on civilian infrastructure, and formally designated Russia as a state sponsor of terrorism. The hacktivist group Killnet, through its affiliate Anonymous Russia, claimed responsibility, framing the DDoS attack as retaliation for the resolution. This aligned with Killnet’s established pattern of targeting entities in nations supporting Ukraine, including prior attacks on U.S. airport websites, state government portals, and infrastructure in NATO member states like Italy and Lithuania. The group utilized volumetric DDoS techniques—flooding the Parliament’s web servers with traffic—a method the FBI had previously assessed as causing only superficial disruption due to its focus on temporary website unavailability rather than penetrating secured networks. The incident underscored the geopolitical motivations behind the attack while highlighting the operational distinction between disruptive hacktivist actions and more destructive cyber operations targeting critical systems.