Cyber Incident Victim: Netherlands

The 2024 European Parliament elections commenced in the Netherlands on June 6, 2024, amid distributed denial-of-service (DDoS) attacks targeting politically affiliated websites. Cloudflare observed heightened attack activity on June 5 and 6, with automated systems mitigating over 1 billion HTTP requests in the Netherlands during this period. At least three Dutch political websites were targeted, with two sustaining significant volumetric attacks. On June 5, attacks peaked at 14:00 UTC (16:00 local time), flooding one site with 115 million requests per hour during a four-hour campaign. Simultaneously, a second political website endured 65 million requests per hour. The primary June 5 attack on one victim reached 73,000 requests per second (rps), exhibiting a gradual ramp-up before abruptly ceasing at 18:06 UTC. These disruptions occurred during a geopolitically sensitive period marked by the first EU elections post-Brexit and followed pro-Russian hacker group HackNeT’s public claim of responsibility for Thursday’s cyberattacks.

Attack activity persisted on June 6, with renewed targeting of the most heavily impacted site from the previous day. The primary assault peaked at 11:00 UTC (13:00 local time), generating 44 million requests per hour. A separate politically affiliated website experienced a concurrent attack peaking at 52,000 rps at 11:01 UTC. Cloudflare’s automated mitigation infrastructure responded to these incidents without manual intervention, maintaining service availability. The timing coincided with the Dutch voting window within the broader EU election cycle spanning June 6-9 across member states. Historical context from Cloudflare’s Q1 2024 DDoS threat report noted similar attack surges during geopolitical shifts, including a 466% increase in DDoS activity against Sweden following its NATO accession. No specific operational disruptions or data breaches beyond service availability challenges were detailed in the available reporting.