Cyber Incident Victim: Ministry of the Interior of the Czech Republic
Date:
Apr 2022
Location:
Czechia
Summary
A cyberattack disrupted online services of the Czech Ministry of Interior, including police and fire brigade portals, rendering them inaccessible due to server overload. The incident was attributed to a distributed denial-of-service (DDoS) attack claimed by the pro-Russian hacker group Killnet. This followed prior warnings from the National Cyber and Information Security Office (NÚKIB) about heightened cyber threats linked to the Russia-Ukraine conflict, with critical risk levels assessed for Czech institutions. While the attack caused operational disruptions, authorities confirmed no compromise of sensitive citizen data occurred. NÚKIB had previously urged organizations to bolster defenses against such tactics, emphasizing updates and vulnerability management to mitigate known exploit risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 27, 2022, the Czech Ministry of the Interior (Ministerstvo vnitra České republiky) experienced a distributed denial-of-service (DDoS) attack that disrupted access to its primary website (mvcr.cz) and affiliated portals for the police and fire services. The attack began in the morning, causing prolonged unavailability marked by an error message stating, "We apologize for the temporary unavailability of the website. The portal is currently overloaded. Please repeat your attempt later." The Ministry promptly confirmed to the Czech News Agency (ČTK) that the outage resulted from a cyberattack. Attackers deployed a DDoS technique, flooding the servers with simultaneous requests from hundreds of thousands of computers, overwhelming their capacity and rendering the sites inaccessible to legitimate users. The pro-Russian hacker group Killnet later claimed responsibility for the attack. This incident followed public statements by Interior Minister Vít Rakušan the prior week acknowledging Russian hackers had targeted Czech state and private institutions, though he emphasized no citizen data was compromised in those earlier incidents.
The attack occurred amid heightened cybersecurity warnings from the National Cyber and Information Security Agency (NÚKIB), which had issued a critical alert in late February 2022 due to escalating cyber threats linked to the Russia-Ukraine conflict. NÚKIB Director Karel Řehka classified the threat level as "critical" and urged organizations—including those outside mandatory regulatory scope—to update systems, address vulnerabilities, and adopt defensive measures against common attack techniques. The agency specifically highlighted risks to media entities and critical infrastructure operators. While the April 27 DDoS attack caused operational disruption to public-facing portals, no data breach or theft was reported. The incident exemplified the sustained targeting of Czech institutions by pro-Russian actors during this period, aligning with NÚKIB’s earlier assessments of elevated cyber warfare risks. Government responses included public attribution of the attack and reaffirmation of preexisting security protocols mandated under Czech cybersecurity legislation.