Cyber Incident Victim: Estonia

On March 9-10, 2024, Estonia experienced its largest distributed denial-of-service (DDoS) attack to date, targeting dozens of public sector websites. The attacks commenced over the weekend, with peak intensity occurring Saturday afternoon against the Police and Border Guard Board, the Tax and Customs Board, and the Ministry of Justice. Attackers generated nearly three billion malicious requests attempting to overwhelm web infrastructure. The Estonian Information System Authority (RIA) confirmed the attacks followed a pattern observed since Russia's full-scale invasion of Ukraine two years prior, with pro-Kremlin hacktivist groups publicly claiming responsibility. Technical monitoring detected the malicious traffic flooding targeted domains, though RIA noted these incidents occur in recurring waves often timed to coincide with Estonian actions or statements supporting Ukraine.

RIA's Computer Emergency Response Team (CERT-EE) activated pre-established countermeasures, mitigating most attack impacts within hours. Pre-existing technical defenses, implemented across major public sector websites in recent years, limited visible disruptions to brief service slowdowns or intermittent availability at the most heavily targeted sites. No data breaches or persistent system compromises were reported. RIA emphasized these DDoS campaigns aim to create public perception of disruption in digitally dependent Western societies while attempting to foster instability. The agency noted similar attacks occur against other nations supporting Ukraine, characterizing them as psychological operations rather than penetrative cyber intrusions. Private sector entities providing critical services received RIA assistance during the incident, though specific companies were unnamed in disclosures.