National Security News

Reporting the facts on national security

National Security News

Cyber Russia Tech Uncategorized

From Russia without love – notorious hacking group Killnet target private and state institutions in Estonia In biggest cyber attack since 2007 

Pro-Russian hackers Killnet have again reminded the world that the war with Ukraine is not just being fought on the ground. This week, Killnet blitzed a wave of public and private websites in Estonia in the biggest cyber-attack of its kind against the Baltic state since 2007. 

The official website of Estonian President Alar Karis was among 200 targeted by the pro-Putin cyber criminals using IP addresses which have all been traced back to Russia. 

But despite sending more than forty million DDoS queries to the president’s website, the hackers failed to bring it down. 

Among those also subjected to attacks – designed to overwhelm the networks with service requests – were, the cyber security division of the Estonian Ministry of Defence;, the police and border guard force; and, the country’s postal service. 

Mr Karis later said that the onslaught was 50 times more powerful than the last one on his office a few weeks ago. 

Tõnu Tammer
Tõnu Tammer. Source: ERR

Tõnu Tammer, Head of Incident Response (CERT-EE) at the Estonian Information Authority (RIA) told NSN that there have been twice as many cyber-attacks against Estonia since the conflict began in the Ukraine.  

But apart from the attack on, homepage of the Estonian Tax and Customs Board, which was unavailable between 12.30pm and 1.40pm, all the other 200 websites targeted by the Russians were unaffected. 

“From the beginning of August, the frequency of large-scale DDoS attacks against Estonian public authorities and businesses has increased. The peak of the August attacks so far was on 16 and 17 August, when the range of targets, as well as the volume of the attacks increased,” Tammer said. 

“Usually CERT-EE – department of Estonian Information System Authority – registers around ten DDoS attacks in a month. In August we have already seen more than 20 DDoS attacks. We also witnessed a similar increase on 9 and 10 April when the Locked Shields international cyber defence exercise was held in Estonia. 

“On 17 August, the websites of,,, and were targeted, among others, but the attacks did not have an effect or had minimal effect on the functioning of the websites, to the knowledge of the Estonian Information System Authority (RIA).  

“The attack against the website of (home page of Estonian Tax and Customs Board) on 17 August had the most visible effect, with the website being unavailable from 12.30pm to 1.40pm. After changing the settings and implementing additional defence mechanisms, it was possible to use the website again. Still, all the services were functional and only the web page was affected. 

“Based on what is known at this point, the attacks over the last few days were primarily targeted against the clients of the State Network of the Information System Authority. We have to keep in mind that such attacks may last several days, and it is quite likely that some websites may not be immediately available at one point or another. 

“It is relatively simple to organise distributed denial-of-service attacks and such attacks are a daily occurrence in the Estonian cyber space. RIA emphasizes that data confidentiality is not at risk due to the DDoS attacks because attackers cannot access or change the data. 

“The attacks come from the cyber criminals known to us since spring, but naming the group would give them attention which they do not deserve.  

“We are also carefully monitoring whether any attempts are made to launch other attacks in the shadow of the DDoS attacks. We remain alert. We actively exchange information with domestic, as well as foreign partners. 

“Bulk [sic] of the web pages that were under attack were not affected because they are using different kind of solutions and defence mechanisms. This is possible because the government has provided us with the means to buy and impliment different tools.“ 

PRO-Russian hacktivist group Killnet has built up a fearsome reputation when it comes to launching cyber-attacks on countries daring to stand alongside the Ukraine. 

 In May, the pro-Vladimir Putin cyber group announced it would commence a “Global internet attack” against the US, UK, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland, and Ukraine. 
Italy was one of the first to be targeted, as Killnet mounted DDoS attacks on the websites of the Senate, Italy’s upper house of parliament, and the National Health Institute. 
The same month it threatened to shut down UK hospital ventilators over the arrest of a 23-year-old alleged member in London for an attack on Romanian government websites. 
It also claimed credit for a DDoS attack on the website of the Bradley International Airport, saying this was in response to US support for Ukraine. 

The attack came as Estonia, a NATO member, relocated part of a Soviet-era World War II monument to a museum, which was then subjected to a misinformation campaign in Russia in which the public was told their neighbour had destroyed artefacts. 

Despite only having of population of 1.3 million, Estonia is one of Europe’s major software development hubs, and one of the most cyber secure – making it a poor choice by Killnet. 

It has, however, also been one of the Ukraine’s biggest supporters, providing more military and humanitarian assistance per capita, than any other country. It gained its independence from Russia in 1991. 

The earlier 2007 attack was also linked to hackers suspected of having links to the Kremlin. 

Dennis Rice is a former Producer at Channel 4 Dispatches and also worked as the Investigations Editor of the Mail on Sunday. He has been a contributor to National Security News since its launch and can be followed on Twitter under @Tvjourn.