Three separate cyber attacks were made on three different government ministries were made in November, the Information System Authority (RIA) says. The hackers also obtained personal data via the attacks, including infectious diseases information hacked from the Health Board's (Terviseamet) information system.
The Ministry of Economic Affairs and Communications, the Ministry of Social Affairs and Ministry of Foreign Affairs were the three ministries hit, RIA says, with the economic affairs ministry the most heavily-affected of the three.
At the same time, Raul Rikk, National Cyber Security Policy Director at the economic affairs ministry, told ERR's online news in Estonian that there is no clear and present risk of disruption to state services.
Rikk said: "We have asked IT experts from both public and private sectors to address the situation. Initial security measures have been implemented, and we are working on the basis that both will succeed."
RIA deputy director: Severe incidents
"The situation has now been brought under control. We've informed our partners both in the public and the private sector on how the likelihood of such attacks succeeding can be reduced. RIA will continue further analysis of these cyber incidents. We have communicated with the software developers, and the cyber security vulnerabilities have been patched," Aasmann went on.
In the case of the Ministry of Economic Affairs and Communications, the hackers were able to access the servers within its jurisdiction, with criminal activity discovered, ERR's online news in Estonian reports.
Health Board contacting individuals whose data was compromised
The Ministry of Social Affairs attack saw the cyber criminals accessing data on the circumstances of the spread of infectious diseases on 9,158 individuals, via the Health and Welfare Information Systems Center (TEHIK).
The TEHIK was able to block the hackers within eight hours, ERR reports, and affected individuals will be contacted by the Health Board within the next few days.
The public authorities affected have determined in cooperation with RIA the attacks' methodologies, and taken action to prevent further data theft, BNS reports.
The three attacks reportedly bore similarities to one another.
The Central Criminal Police has launched criminal proceedings in relation to unlawful access to systems, with the proceedings being led by the Office of the Prosecutor General.
Prosecutor's office: Criminal proceedings already under way
Prosecutor Eleliis Rattam told ERR that criminal proceedings have already been initiated.
Rattam said: "We have identified evidence that we are actively working on, but it is not possible at this time to disclose detailed information about what law enforcement authorities have learned."
Oskar Gross, head of the Central Criminal Police cybercrime bureau, told ERR the hackers' motive and the precise identity of the perpetrators is being established, noting that there could be one or more people.
The RIA is also sharing information with public sector bodies, including the IT departments of local government and vital service providers, in order to avoid further attacks.
Editor: Andrew Whyte