Cyber Incident Victim: Bratislava
Date:
May 2023
Location:
Slovakia
Summary
Bratislava experienced a significant DDoS cyber attack during an international security conference focused on hybrid threats and support for Ukraine, disrupting municipal electronic systems and parking services. The attack, claimed by an unnamed anti-NATO group opposing perceived escalation toward global conflict, temporarily disabled the city hall's website and forced suspension of parking ticket issuance due to payment system failures. While officials confirmed no data breaches occurred, coordination with national cybersecurity units and service providers was required to restore operations. The group linked its actions to the high-profile conference attended by European leaders and previously asserted responsibility for attacks during the G7 summit in Hiroshima.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 31, 2023, Bratislava experienced a disruptive cyber incident coinciding with the GLOBSEC international security conference. A massive distributed denial-of-service (DDoS) attack targeted municipal systems in the early morning hours, disabling Bratislava City Hall's website and disrupting electronic parking services citywide. An unidentified anti-NATO group claimed responsibility for the attack via Twitter, explicitly linking their actions to the ongoing conference that featured high-profile attendees including European Commission President Ursula von der Leyen and French President Emmanuel Macron. The attackers referenced their opposition to NATO policies in social media posts, stating "We can no longer watch as the US and NATO lead society into WWIII" in messages dated earlier in May and using the conference hashtag #GLOBSEC. This group also asserted responsibility for previous cyberattacks targeting Hiroshima during the G7 summit that Ukrainian President Volodymyr Zelenskyy attended. The timing of the Bratislava incident directly overlapped with conference discussions about hybrid threats and support for Ukraine against Russian aggression, though no explicit nation-state attribution was provided in available reports.
The cyberattack's primary operational impact centered on Bratislava's parking infrastructure, where payment systems became inoperable due to the DDoS disruption. City Hall suspended parking ticket enforcement throughout the day since residents couldn't access digital payment platforms. Mayor Matus Vallo confirmed no data breaches occurred despite the service outages and emphasized coordinated recovery efforts involving Slovakia's National Security Bureau, the government's Computer Security Incident Response Team (CSIRT), and municipal internet service providers. While critical conference operations weren't reported as affected, the attack demonstrated capability to disrupt civilian municipal services during a high-profile international security event. Restoration timelines weren't specified, though authorities prioritized returning systems to normal functionality. The incident highlighted vulnerabilities in public service infrastructure while underscoring the attackers' stated objective of leveraging cyber operations to protest NATO's geopolitical stance.