
Cyber Incident Victim: Republic of Latvia

Date:

Aug 2022

Location:

Latvia

Summary

A pro-Kremlin hacker group targeted the parliament of Latvia with a distributed denial-of-service (DDoS) attack, causing temporary website downtime but not disrupting legislative operations due to pre-established defensive measures. The attack followed the nation's designation of Russia as a state sponsor of terrorism and aligned with the group's declared campaign against countries supporting Ukraine, particularly Baltic states with historical ties to the Soviet Union. This incident occurred amid a broader pattern of frequent cyberattacks against the region, including previous large-scale assaults linked to geopolitical actions such as the removal of Soviet monuments and export restrictions against Russia. The same hacker collective collaborated with other pro-Russian groups to execute similar attacks against allied nations, including Finland during its NATO accession process.

Description

On August 11, 2022, the website of Latvia’s parliament, the Saeima, became inaccessible for several hours following a distributed denial-of-service (DDoS) attack by the pro-Kremlin hacker group Killnet. The attack occurred after Latvia’s parliament designated Russia as a "state sponsor of terrorism," aligning with the group’s pattern of targeting nations supporting Ukraine. Killnet publicly claimed responsibility on its Telegram channel, posting a screenshot confirming the website’s downtime. Latvia’s Computer Emergency Response Team (CERT.LV) reported that parliamentary operations remained unaffected due to pre-established defensive measures. The incident marked another escalation in Killnet’s campaign against Baltic states, which had intensified since May 2022 when the group declared cyber "war" against countries backing Ukraine, including the U.S., U.K., Germany, Italy, Latvia, Lithuania, Estonia, Poland, and Romania.

Latvia and Lithuania faced persistent targeting due to their historical ties to the Soviet Union, substantial Russian-speaking populations, and staunch support for Ukraine following Russia’s full-scale invasion. In July 2022, Killnet launched one of Latvia’s largest cyberattacks—a 12-hour assault on its public broadcasting center—after Latvia announced plans to dismantle nearly 300 Soviet-era monuments. CERT.LV head Baiba Kaskina noted unprecedented cyber tensions, with daily attacks sometimes exceeding 1,000 targets. Lithuania experienced similar disruptions in June 2022 when over 130 government websites suffered DDoS attacks for more than 10 days following its blockade of Russian coal and metal exports. Concurrently, Finland’s parliament website was disrupted by pro-Russian group NoName057(16) on August 10, 2022, coinciding with U.S. support for Finland’s NATO bid. Cybersecurity experts confirmed collaboration between Killnet and NoName057(16), including joint attacks on Italian, Romanian, German, Norwegian, Czech, and Baltic government sites in late June 2022. The Baltic nations’ responses centered on defensive hardening and public transparency, though operational continuity was maintained during these incidents.
