Language switcher

You are here

November 2020 in the Estonian cyberspace: attacks on government networks and DDoS attacks for extortion

The most serious cyber incidents in November were attacks on the networks of Estonian state agencies: criminals gained access to the servers of three ministries to a certain extent. Last month, the Information System Authority (RIA) was also notified of denial-of-service attacks (DDoS) in an attempt to extort money from companies and financial institutions.

We wrote about the attacks on the servers of the administrative fields of the Ministry of Economic Affairs and Communications and the Ministry of Social Affairs and the server of the Ministry of Foreign Affairs in our press release. RIA assisted the authorities affected by the attack and identified how the attack was organised. In all three attacks, the server hosting the websites was attacked. In one case, the attackers managed to access the servers in the administration field. In the other two cases, they were unable to get past the web server. RIA initiated supervision proceedings, the Data Protection Inspectorate initiated its own proceedings, and the Central Criminal Police initiated criminal proceedings in connection with obtaining illegal access to the systems.

Last month, a DDoS attack was carried out on an Estonian company and financial institutions. At the beginning of the attack, the criminals sent a blackmail letter, demanding money to stop the attacks. Both companies have appropriate safeguards in place, so the impact of the attacks was minimal. If your company is hit by a denial-of-service attack or you receive a blackmail letter, let us know at cert[@]

In November, a company offering a cryptocurrency trading platform registered in Estonia announced that a large amount of Bitcoin and Ethereum cryptocurrencies had been stolen from them due to the platform’s security vulnerabilities.

The effect of the Emotet malware, which reached Estonian computer users in autumn, can still be seen in winter. Last month, 150 infected devices were reported to RIA. Malware can be installed in Emotet-infected devices, which can, in turn, steal and encrypt data. The real damage caused by Emotet attacks will be revealed much later, when the criminals have found out which companies or institutions they were able to hack with their malware.

Activities to improve cybersecurity in Estonia

In connection with the attacks on the servers of Estonian state agencies identified in November, which took advantage of critical vulnerabilities in web servers, CERT-EE prepared recommendations (in Estonian) for vital and important service providers to prevent such incidents.

Together with the seniors’ university programme, the Information System Authority organised a two-part virtual workshop on cybersecurity. Based on the workshop, a two-part Russian-language training video has also been completed, which can be found on Youtube here » and here ».

In early November, the Information System Authority published a guide on how to safely set up your own or your family member’s smartphone. These tips can be found here (in Estonian).

Seiko Kuik
Press Officer of the Information System Authority
5851 7028

More news on the same subject


Large-scale denial-of-service attacks have ended

29.4.2022 – According to the assessment of the Information System Authority (RIA), the denial-of-service attacks that began on 21 April concluded by the evening of 25 April. The purpose of the denial-of-service attacks was to disrupt the operation of 13 websites, but due to the countermeasures applied, the effect of the attacks was insignificant.


DDoS attacks against state websites had no significant effect

21.4.2022 – From 4 p.m. this evening, the security incident management organisation (CERT-EE) of the Information System Authority (RIA) identified distributed denial-of-service (DDoS) attacks against state websites. The attacks caused short-term interruptions in the accessibility of some websites, but had no significant effects.