Cyber Incident Victim: National Council of the Slovak Republic

On May 31, 2023, Bratislava, the capital of Slovakia, experienced a significant disruption to its digital city services. The incident commenced in the early morning hours, coinciding with the first day of the GLOBSEC international security conference being hosted in the city. The initial manifestation of the attack was the complete unavailability of the Bratislava city hall's official website, which was rendered inaccessible to the public. The technical nature of the incident was identified as a massive distributed denial-of-service (DDoS) attack, a method designed to overwhelm online services with a flood of internet traffic, causing them to become unresponsive.

The scope of the cyber attack extended beyond the primary city hall website. Municipal parking services, which rely on online systems for payment and operation, were also disabled by the overwhelming traffic. This particular failure had an immediate and tangible impact on daily life in the city. Because citizens were unable to access the digital platforms required to pay for parking, the city administration made a decision to suspend the issuance of parking tickets for the entire day. This action was a direct response to the technical impossibility of completing transactions and was intended to avoid penalizing residents for a service they could not legally pay for due to the outage.

The timing of the attack was highly conspicuous, directly aligning with the GLOBSEC Bratislava Forum. This high-profile conference focuses on a range of security topics, with a particular emphasis on contemporary hybrid threats and strategies for supporting Ukraine against Russian aggression. The event attracted numerous prominent international figures, including European Commission President Ursula von der Leyen and French President Emmanuel Macron. The concurrent timing strongly suggested the attack was deliberately orchestrated to disrupt the city during a major event that placed a spotlight on European security and unity.

Responsibility for the disruptive actions was claimed by a cyber group on the social media platform Twitter. While the specific identity of this group was not officially named by city authorities in their public communications, the group’s own posts provided context for their motives. Their messages, which included the hashtag #GLOBSEC, explicitly linked the attack to the conference. The group’s rhetoric was strongly anti-NATO and anti-US, stating, “We can no longer watch as the US and NATO lead society into WWIII. We are to stop it!” This statement was not made anew on the day of the attack but was a repetition of a declaration the group had posted earlier in May 2023, indicating premeditation.

This same group also asserted that it was responsible for a similar cyber incident that targeted the city of Hiroshima, Japan. That attack had occurred during the G7 summit, which was attended by Ukrainian President Volodymyr Zelenskyy. By drawing this parallel, the group positioned itself as an actor conducting coordinated digital protests against high-level international political gatherings that involved Western alliances and support for Ukraine. The claim, while not independently verified in the immediate reporting of the Bratislava incident, established a potential pattern of behavior and a clear ideological motive behind the disruption.

Upon detection of the service outages, the city's response was initiated promptly under the leadership of Bratislava Mayor Matus Vallo. The primary immediate goal was to restore critical city services to normal operation as quickly as possible. The municipal government did not act in isolation; it engaged in active communication and coordination with national-level security and technical bodies. This included collaboration with the Slovak government’s Computer Security Incident Response Team (CSIRT), the National Security Bureau, and the city’s commercial internet service provider. This multi-layered response strategy combined internal municipal efforts with specialized national cybersecurity expertise and external provider support to mitigate the attack.

A crucial element of the official response was public communication from Mayor Vallo. He provided a statement confirming the nature of the attack as a DDoS incident and, significantly, assured citizens and stakeholders that the breach was limited to service availability. He explicitly stated that no data breach had occurred. This distinction was vital, as it clarified that while services were disrupted, the confidentiality and integrity of citizen data held by the city remained uncompromised. This helped to contain potential public alarm regarding the exposure of personal information.

The impacts of the incident were multifaceted. The most direct effect was the operational degradation of key municipal digital services, primarily public access to information via the city website and the functionality of the paid parking system. The financial impact on the city from the loss of parking revenue for a single day was likely minor, but the disruption to citizen convenience and the image of municipal operational resilience was more significant. The attack successfully generated media attention precisely because of its timing, drawing international press coverage to the group's anti-NATO message and highlighting the vulnerability of critical city infrastructure to such low-cost, high-visibility attacks.

The incident served as a real-world example of a hybrid threat, a topic actively being discussed at the GLOBSEC conference itself. It demonstrated how cyber tools can be used to create tangible disruption and garner psychological leverage during significant geopolitical events. The attack did not involve sophisticated infiltration or data theft but achieved its apparent goal of causing disruption and generating publicity for a specific political viewpoint opposing the current NATO stance. The response actions undertaken by the city and national authorities were focused entirely on containment and restoration, with no public indication of any pursuit of offensive countermeasures or immediate attribution beyond acknowledging the claims made online.

The event concluded with services being gradually restored throughout the day, though the precise timeline for full restoration was not detailed in initial reports. The aftermath left no permanent damage to the city's digital systems, as confirmed by the mayor's statement regarding the absence of a data breach. However, the incident underscored the persistent threat that DDoS attacks pose to public sector digital infrastructure and the ease with which such attacks can be timed for maximum symbolic impact during high-profile international events. The coordination between local and national cybersecurity entities during the response highlighted the importance of established incident response protocols for managing such disruptive events effectively.