Cyber Incident Victim: Estonia

On May 9, 2022, the Estonian Ministry of Foreign Affairs (MFA) website experienced temporary disruption due to distributed denial-of-service (DDoS) attacks. The Information System Authority (RIA) monitoring system detected the attacks commencing at 7:49 a.m. local time, with malicious queries overwhelming the website’s capacity and rendering it inaccessible. The MFA confirmed the disruption was limited to public access to its website, emphasizing that no other ministry operations or internal systems were affected. By approximately noon the same day, service was fully restored following mitigation efforts. The MFA did not disclose technical specifics about the attack volume, duration of peak disruption, or restoration methods. No threat actor group claimed responsibility, and Estonian authorities provided no attribution details at the time of reporting.

This incident followed a pattern of recent cyber disruptions targeting Estonian government infrastructure. During the international Locked Shields cyber exercise in April 2022—weeks prior to the May 9 event—Estonian government websites had similarly faced DDoS attacks. Finland’s government systems also experienced comparable disruptions around the same timeframe, though no direct linkage between these incidents was confirmed. A DDoS attack operates by flooding targeted servers with excessive internet traffic to exhaust resources and disrupt legitimate access. The Estonian Foreign Ministry’s public communications stressed the isolated nature of the disruption, with no compromise of internal networks or data reported. Restoration occurred within approximately four hours, indicating established incident response protocols through RIA’s CERT-EE cybersecurity team.