Cyber Incident Victim: Republic of Slovenia

A series of distributed denial-of-service (DDoS) attacks targeted Slovenian government institutions and critical websites between late March and April 2024. The initial wave in late March and early April disrupted websites of state institutions, state-owned companies, and media outlets. A Russian cybercriminal group claimed responsibility for these attacks, citing Slovenia's support for Ukraine as motivation. On April 10, the president's website experienced brief inaccessibility, followed by escalated attacks on April 11 that rendered multiple high-profile government domains unavailable. Primary targets included the government's central portal (gov.si) and the Slovenian central bank's website, which remained offline since the afternoon of April 10. The Statistics Office website became inaccessible on April 11, while the Constitutional Court and Competition Protection Agency sites were also impacted during this period.

Authorities activated emergency response protocols led by the operational group of the National Security Council secretariat, maintaining continuous coordination throughout the crisis. State Secretary Vojko Volk confirmed the attacks on April 11 and assured the public that protective measures were being implemented daily. Prime Minister Robert Golob announced plans to increase cybersecurity funding and staffing to enhance future defenses. Volk emphasized Slovenia's operational stability despite the disruptions, noting that while most attacks originated from groups linked to Vladimir Putin's regime, not all could be definitively attributed to Russian actors. Cybersecurity experts characterized the DDoS attacks as technically unsophisticated but psychologically impactful due to their public visibility and intent to spread fear. They predicted similar "active developments" would persist for at least two years, reflecting ongoing geopolitical tensions related to the Ukraine conflict.