Estonia becomes latest CEE country to be targeted by Russian hackers Killnet
Reading Time: 2 minutesEstonia has repelled its most severe hacking attack in 15 years, the government announced on Thursday. The hack of the previous day targeted 207 Estonian institutions, including its main online payment platform, according to the country’s digital communications officials. The country’s main banks, health, home, public and education services were also attacked.
“Estonia was subject to the most extensive cyber attacks it has faced since 2007,” wrote Luukas Ilves, undersecretary for digital transformation at Estonia’s Ministry of Economic Affairs and Communications.
“The attacks were ineffective. Services were not disrupted. With some brief and minor exceptions, websites remained fully available throughout the day,” Ilves added.
The hacking attempts took place on Wednesday, the day before the Baltic country officially stopped issuing visas to Russians and rescinded existing Schengen visas, and shortly after Estonian authorities dismantled a T-34 tank that served as a Soviet monument in the ethnic-Russian-majority Narva region in east Estonia.
New pro-Russia hackers group targeting CEE countries
Killnet, a group of Russian hackers thought to have been formed in March 2022, claimed responsibility for the attack on Telegram, on Wednesday.
“Currently, there are big problems with online payment in Estonia,” the hackers claimed, a reference to the country’s main payment aggregator ESTO AS.
Although it has inconvenienced numerous countries in Central And Eastern Europe (CEE), Killnet’s preferred method of disruption has predominantly been the relatively primitive DDoS (distributed denial of service) attack, which use large numbers of computers to overwhelm websites with traffic.
Western intelligence agencies have Killnet on their radar
In April, the Five Eyes – a western intelligence alliance comprising the UK, the US, Australia, Canada and New Zealand – issued a warning about Russian-aligned hacker groups including Killnet, as well as the Russian secret services FSB and military equivalent GRU, planning attacks on critical infrastructure.
That same month Killnet claimed responsibility for attacks on Czech state institution websites, and later carried out attacks on Romanian online government portals.
In early May, following explosions in the Moldova’s breakway Transnistria region, Moldovan security services reported that the hacking group had launched a series of cyberattacks from abroad against websites of official authorities and institutions.
In June Killnet also claimed responsibility for DDoS attacks against Lithuanian network infrastructure in retaliation for a dispute over transits to and from the Russian enclave of Kalingrad.
In early July, Killnet reportedly targeted Latvia’s state broadcaster in the largest ever cyberattack on the country. The public broadcaster said the attack has been successfully repelled. The group also attacked the website of the Latvian parliament after it passed a resolution that the Russian state “sponsors terrorism”.
Latvia is planning to destroy around 300 Soviet war memorials, including the enormous Victory Monument in Riga, by November, London’s The Times noted.
This month the hacker group also claimed to have hacked data about staff at US corporation Lockheed Martin, which produces M142 High Mobility Artillery Rocket Systems, which are shipped to Ukraine.
Killnet hackers even unsuccessfully attempted to block the 2022 Eurovision Song Contest website during Ukraine’s ultimately triumphant performance. When Italian police said their attack had failed, Killnet denied this and promptly attacked the state police site.
Since suffering cyberattacks at the hands of Russia 15 years ago, in response to its removal of a Soviet-era statue, Estonia has strengthened its cyber security.
On Thursday, Ilves wrote “Kudos to the teams working to keep the lights on for Estonia” and singled out the Estonian Information System Authority for its support. As the Estonia’s government’s chief information officer “I slept well” (on Wednesday night), Ilves added.