Cyber Incident Victim: Czech Republic
Date:
Apr 2022
Location:
Czechia
Summary
A pro-Russian threat group known as Killnet conducted distributed denial-of-service attacks against multiple Czech critical infrastructure entities, including railways, airports, and government portals, disrupting online services and temporarily disabling public-facing systems. The Czech Interior Minister attributed the attacks to Russian hackers, confirming no data theft occurred. Killnet claimed responsibility via Telegram, expanding its targets to additional airports and critical services while asserting broader campaigns against NATO nations supporting Ukraine, including unverified attacks on infrastructure in Poland, Germany, the UK, and Estonia. The group's motivation centers on inflicting maximum damage to adversaries of Russia amid the Ukraine conflict, though physical operations at affected facilities reportedly remained unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In mid-April 2022, pro-Russian threat actor Killnet launched distributed denial-of-service (DDoS) attacks against multiple Czech critical infrastructure entities, escalating tensions amid the Russia-Ukraine conflict. The Czech National Cyber and Information Security Agency (NÚKIB) confirmed severe DDoS attacks beginning the week of April 18, targeting Czech Railways' online ticketing systems and mobile applications, causing prolonged outages in ticket purchases and connection searches. Concurrently, Karlovy Vary Airport experienced server overload from Wednesday night attacks, though domestic website access remained functional, while Pardubice Airport reported complete web system failures. The Czech public administration portal sustained multi-day operational disruption. NÚKIB's own website became unreachable from outside the country during a Thursday attack, prompting the agency to recommend standard DDoS mitigation measures via Twitter. Interior Minister Vít Rakušan attributed the attacks to Russian hackers during a press briefing, confirming no data theft occurred but emphasizing infrastructure impacts. Czech Railways publicly acknowledged the cyberattack's effects on customer-facing systems while working to minimize traveler disruptions.
Killnet claimed responsibility through its Telegram channel, expanding its target list to include Brno-Turany Airport, Ostrava Airport, Prague International Airport, and unspecified defense, banking, telecommunications, and hosting entities – though these additional claims remained unverified. The group, active since January 2022, demonstrated pro-Russian alignment through propaganda videos and explicitly cited retaliation against nations supporting Ukraine. Cybersecurity authorities including CISA identified Killnet as an emerging threat, noting its March 2022 DDoS attack against Connecticut's Bradley International Airport following U.S. aid to Ukraine. Beyond Czech targets, Killnet claimed attacks on eight Polish airports to disrupt weapons transfers, along with critical infrastructure in Germany, the UK, and Estonia, though no corroboration was provided by affected nations. The campaign reflected coordinated strikes against NATO members assisting Ukraine, with DDoS serving as the primary disruption tactic against civilian transportation and government services. Czech technical responses focused on restoring web accessibility while maintaining physical operational safety at transportation hubs.