Pro-Russian hackers Killnet have again reminded the world that the war with Ukraine is not just being fought on the ground. This week, Killnet blitzed a wave of public and private websites in Estonia in the biggest cyber-attack of its kind against the Baltic state since 2007. 

The official website of Estonian President Alar Karis was among 200 targeted by the pro-Putin cyber criminals using IP addresses which have all been traced back to Russia. 

But despite sending more than forty million DDoS queries to the president’s website, the hackers failed to bring it down. 

Among those also subjected to attacks – designed to overwhelm the networks with service requests – were, the cyber security division of the Estonian Ministry of Defence;, the police and border guard force; and, the country’s postal service. 

Mr Karis later said that the onslaught was 50 times more powerful than the last one on his office a few weeks ago. 

Tõnu Tammer
Tõnu Tammer. Source: ERR

Tõnu Tammer, Head of Incident Response (CERT-EE) at the Estonian Information Authority (RIA) told NSN that there have been twice as many cyber-attacks against Estonia since the conflict began in the Ukraine.  

But apart from the attack on, homepage of the Estonian Tax and Customs Board, which was unavailable between 12.30pm and 1.40pm, all the other 200 websites targeted by the Russians were unaffected. 

“From the beginning of August, the frequency of large-scale DDoS attacks against Estonian public authorities and businesses has increased. The peak of the August attacks so far was on 16 and 17 August, when the range of targets, as well as the volume of the attacks increased,” Tammer said. 

“Usually CERT-EE – department of Estonian Information System Authority – registers around ten DDoS attacks in a month. In August we have already seen more than 20 DDoS attacks. We also witnessed a similar increase on 9 and 10 April when the Locked Shields international cyber defence exercise was held in Estonia. 

“On 17 August, the websites of,,, and were targeted, among others, but the attacks did not have an effect or had minimal effect on the functioning of the websites, to the knowledge of the Estonian Information System Authority (RIA).  

“The attack against the website of (home page of Estonian Tax and Customs Board) on 17 August had the most visible effect, with the website being unavailable from 12.30pm to 1.40pm. After changing the settings and implementing additional defence mechanisms, it was possible to use the website again. Still, all the services were functional and only the web page was affected. 

“Based on what is known at this point, the attacks over the last few days were primarily targeted against the clients of the State Network of the Information System Authority. We have to keep in mind that such attacks may last several days, and it is quite likely that some websites may not be immediately available at one point or another. 

“It is relatively simple to organise distributed denial-of-service attacks and such attacks are a daily occurrence in the Estonian cyber space. RIA emphasizes that data confidentiality is not at risk due to the DDoS attacks because attackers cannot access or change the data. 

“The attacks come from the cyber criminals known to us since spring, but naming the group would give them attention which they do not deserve.  

“We are also carefully monitoring whether any attempts are made to launch other attacks in the shadow of the DDoS attacks. We remain alert. We actively exchange information with domestic, as well as foreign partners. 

“Bulk [sic] of the web pages that were under attack were not affected because they are using different kind of solutions and defence mechanisms. This is possible because the government has provided us with the means to buy and impliment different tools.“ 

PRO-Russian hacktivist group Killnet has built up a fearsome reputation when it comes to launching cyber-attacks on countries daring to stand alongside the Ukraine. 

 In May, the pro-Vladimir Putin cyber group announced it would commence a “Global internet attack” against the US, UK, Germany, Italy, Latvia, Romania, Lithuania, Estonia, Poland, and Ukraine. 
Italy was one of the first to be targeted, as Killnet mounted DDoS attacks on the websites of the Senate, Italy’s upper house of parliament, and the National Health Institute. 
The same month it threatened to shut down UK hospital ventilators over the arrest of a 23-year-old alleged member in London for an attack on Romanian government websites. 
It also claimed credit for a DDoS attack on the website of the Bradley International Airport, saying this was in response to US support for Ukraine. 

The attack came as Estonia, a NATO member, relocated part of a Soviet-era World War II monument to a museum, which was then subjected to a misinformation campaign in Russia in which the public was told their neighbour had destroyed artefacts. 

Despite only having of population of 1.3 million, Estonia is one of Europe’s major software development hubs, and one of the most cyber secure – making it a poor choice by Killnet. 

It has, however, also been one of the Ukraine’s biggest supporters, providing more military and humanitarian assistance per capita, than any other country. It gained its independence from Russia in 1991. 

The earlier 2007 attack was also linked to hackers suspected of having links to the Kremlin. 


  • Dennis Rice

    National Security News (NSN) welcomes the appointment of Dennis Rice, former Chief Reporter of the Daily Express and Investigations Editor of the Mail on Sunday, as its Launch Editor. He brings with him three decades of experience covering national and international news, which has also included a stint working as a producer at Channel 4 Dispatches. Commenting on his new role, Dennis said: “NSN is a digital platform which exists purely to break stories and uncover new twists and exclusives around existing ones. Whether it’s reporting on the cloak and dagger world of espionage, cyber terrorism, subversion, or intelligence we are very much looking forward to giving the existing media a run for its money.” Dennis Rice is a veteran investigative journalist who has finished as a runner up in Journalist of the Year category at the British Press Awards. He also worked as Investigations Editor of the Mail on Sunday, Chief Reporter of the Daily Express, and as a senior journalist at the Sunday Mirror and the News of the World. His Dispatches credits include working as a producer on How To Stop Your Nuisance Calls (an expose on charity fundraisers) and Murder in the Sky: Flight MH17 (reporting on the crash of the Malaysia Airlines flight MH17, shot down over the eastern Ukraine). While at the Mail on Sunday he wrote a series of articles which resulted in the resignation of BP Chief Lord Browne, and earlier David Blunkett as the then Work and Pensions Secretary. In 2011 he was paid damages at the High Court after his former employer the News of the World admitted hacking his phone.