Cyber Incident Victim: Serbian Ministry of Internal Affairs
Date:
Jan 2023
Location:
Serbia
Summary
The Serbian Ministry of Internal Affairs experienced multiple large-scale DDoS attacks targeting its website and IT infrastructure, which were successfully mitigated by government personnel and state telecom staff. Enhanced security measures implemented during the incident caused slower system performance and intermittent service disruptions to safeguard internal data. These cyberattacks occurred amid heightened regional tensions in the Balkans, particularly between Serbia and Kosovo over ethnic disputes and delayed elections. Kosovo's leadership accused Russia of attempting to escalate conflicts in the region following setbacks in Ukraine, while Serbian nationalist groups with alleged Wagner Group connections threatened NATO peacekeepers in northern Kosovo. Concurrently, Serbia increased its military alert level following cross-border incidents involving Kosovar police actions and arrests.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 7, 2023, the Serbian government reported multiple "massive" distributed denial-of-service (DDoS) attacks targeting the website and IT infrastructure of its Ministry of Internal Affairs. Government employees, assisted by staff from state-owned Telekom Srbija, successfully repelled five large-scale attacks designed to disable the ministry’s systems. The attacks involved flooding targeted services with junk traffic to render them inaccessible. In response, authorities activated enhanced security protocols, which resulted in slower system performance and occasional interruptions to certain services. These measures were implemented specifically to protect the ministry's data integrity. No threat actor claimed responsibility for the attacks at the time of reporting.
The incident occurred amid heightened geopolitical tensions in the Balkans, particularly involving Serbia’s refusal to recognize Russia’s referendums in occupied Ukrainian territories. Concurrently, violent clashes erupted between ethnic Serbs in northern Kosovo and ethnic Albanian authorities, prompting Kosovo’s Prime Minister Albin Kurti to accuse Russia of seeking to inflame regional ethnic tensions as a diversion from its setbacks in Ukraine. Serbia’s President Aleksandar Vucic had requested permission from NATO’s Kosovo Force (KFOR) to deploy up to 1,000 military and police personnel to the territory following the arrest of a Kosovo Security Force member suspected of shooting two Serb youths. KFOR denied the deployment request, which marked Serbia’s first such appeal since the Yugoslav Wars. Tensions were further exacerbated by delayed local elections in Kosovo and threats of a Serb boycott. Serbian state media reported unverified claims that Kosovar police fired on a protest blockade, while Serbia’s defense minister placed its armed forces at the "highest level of combat readiness" in late December 2022. Serbian nationalist groups in northern Kosovo, allegedly linked to Russia’s Wagner paramilitary group, had also threatened confrontations with NATO troops prior to the cyberattacks.