Cyber Incident Victim: Greek Government
Date:
Nov 2022
Location:
Greece
Summary
A significant DDoS attack targeted Greece's digital government infrastructure, disrupting over 800 services including Gov.gr, TAXISnet authentication systems, and electronic medical prescriptions. Originating from the Netherlands, the attack overwhelmed systems for more than 48 hours, forcing healthcare providers to issue handwritten prescriptions and hindering emergency pharmacy services. National Cybersecurity Authority technicians collaborated with telecommunications providers to mitigate the incident through geoblocking of Dutch traffic, restoring approximately 600 services within two days while addressing security vulnerabilities exposed by the sustained botnet-driven HTTP flood.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 11, 2022, Greece’s Ministry of Digital Governance experienced a significant distributed denial-of-service (DDoS) attack targeting its critical information systems, primarily affecting the TAXISnet platform and Gov.gr services. The attack commenced on Friday morning and persisted for over 48 hours, disrupting approximately 800 government websites and digital services. Initial investigations indicated the attack originated from the Netherlands, leveraging botnets to flood systems with HTTP requests, which interrupted data transmission and rendered services inaccessible or severely degraded. The National Cybersecurity Authority was immediately activated to coordinate the response, with technicians from OTE, the state telecommunications provider, working continuously to mitigate the attack. Attackers exploited publicly accessible endpoints, raising concerns about potential unauthorized access to sensitive databases, though no explicit data breach was confirmed in the available reporting. The scale of the disruption marked one of the largest cyber incidents in Greece’s history, directly impairing essential citizen-facing operations.
The attack’s impacts extended across multiple sectors, most notably crippling electronic prescription services nationwide. Medical professionals were forced to issue handwritten prescriptions during emergencies over the weekend, while on-call pharmacies could not process electronic requests. Hospital emergency rooms faced similar challenges, delaying patient care. Additionally, hundreds of Gov.gr services reliant on TAXISnet authentication codes—including those interfacing with banking institutions—were rendered inoperative. Response teams implemented geoblocking measures targeting the Netherlands to halt malicious traffic, identifying the Azure network as a conduit for the attack. By Sunday evening, technicians had restored approximately 600 services through system reconfigurations and security adjustments, though full recovery efforts continued beyond the initial 48-hour window. The incident underscored the operational vulnerabilities of interconnected government digital infrastructure to sustained DDoS campaigns.