Estonia faced its "most extensive" cyberattacks since 2007's Bronze Night on Wednesday (August 17), following the removal of several Soviet monuments, including a tank, from the eastern border city of Narva, the government's chief information officer said on Thursday.
CIO and Undersecretary for Digital Transformation Luukas Ilves commented on social media: "Yesterday, Estonia was subject to the most extensive cyberattacks it has faced since 2007. Attempted DDoS attacks targeted both public institutions and the private sector.
"The attacks were ineffective. E-Estonia is up and running. Services were not disrupted. With some brief and minor exceptions, websites remained fully available throughout the day. The attack has gone largely unnoticed in Estonia.
"Kudos to the teams working to keep the lights /.../ As Gov't CIO, I slept well."
Ilves praised teams at the state's online service portal e-Estonia, the Estonian Information System Authority (RIA) and others who helped fight the attacks.
"Attempted attack, yes. Effective, no," is how he described the situation.
Yesterday, Estonia was subject to the most extensive cyber attacks it has faced since 2007. Attempted DDoS attacks targeted both public institutions and the private sector. (1/4) @e_estonia— Luukas Ilves (@luukasilves) August 18, 2022
In 2007, Estonia suffered 22 days of cyberattacks after the government moved a Soviet statue from the center of Tallinn to a military cemetery on the capital's outskirts.
RIA's incident handling department CERT-EE said it had identified 24 websites and services infected with malware over the last 24 hours through which the attackers tried to target and infect internet users in Estonia.
During additional monitoring, malware was detected on 137 devices and internet service providers were informed about them.
"Last night there were 12 DDoS attacks made against various state institutions or their websites. There were also four DDoS attacks directed at private sector organizations, but behind these you can also see the wish to attack one or another state service. Eight DDoS attacks targeted a specific website or website. In nine attacks, no impact was detected, and in seven attacks, interruptions to services may have occurred for several minutes," RIA said.
Additionally, eight phishing attempts were also made to collect people's email and bank account information.
Hacker group claims responsibility
The Digigenius news portal wrote on Wednesday that a pro-Kremlin hacking group has targeted almost all state institutions and DDoS attacks had been made on SK ID Solutions, which is used to authenticate Estonia's ID card online.
Kalev Pihl, head of SK ID Solutions, told Digigenius the attack has resulted in short-term service interruptions.
In #Estonia, a #Russia-based hacker group Killnet claimed responsibility for DDoS #cyber attacks on 207 websites. This includes IT systems of payment systems, banks, government bodies and public services.— Alex Kokcharov (@AlexKokcharov) August 17, 2022
Killnet has taken responsibility for the attacks. The group also targeted Estonia during the Locked Shields cyber exercise earlier this year.
Last week Killnet attacked the Latvian government's website after the parliament accused Russia of funding terrorism.
Estonia stronger than in 2007
Commenting on the attacks, President Alar Karis said: "Luckily, our cyber defenses are strong and Estonian systems well protected."
Luckily, our cyber defences are strong and Estonian systems well protected. https://t.co/Bmh1tmJzh0— Alar Karis (@AlarKaris) August 18, 2022
Prime Minister Kaja Kallas (Reform) echoed his words: "Although subject to the most extensive cyber attacks, Estonia is stronger than we were in 2007."
Although subject to the most extensive cyber attacks, is stronger than we were in 2007. https://t.co/lnNwb0op29— Kaja Kallas (@kajakallas) August 18, 2022
Bronze Soldier cyber attacks
In 2007, Estonia was subjected to cyberattacks after it moved a World War Two Soviet statue, known as the Bronze Soldier, from central Tallinn to a graveyard on its outskirts.
Estonia pinned the blame on Russia, making it the first use of wide-ranging cyber-attacks against a state. Local media outlets and the Estonian government's online briefing room were among the first targets. The cyberattacks lasted with varying intensity for 22 days.
It was one of the first wake-up calls to the cooling of relations between Russia and the West, the International Center of Defense in Tallinn said in a report in 2020.
On Tuesday, after several weeks of deliberation, the Estonian government removed the Soviet T-34 tank from a plinth just outside Narva. Six other Soviet monuments were removed from around the city and neighboring Narva-Jõesuu
The tank monument, erected in 1970, commemorated the "liberation" of the city from the Nazis during World War Two. The following battle destroyed more than 90 percent of the buildings in Narva.
The T-34 was positioned on the river bank where the Russians crossed the River Narva.
While the Russians claim to have liberated the city, following the end of the war the Soviet Union went on to occupy Estonia until 1991.
So far, following the monument's removal to the Estonian War Museum in Viimsi, the city has been calm, police have reported. Eleven people were arrested on the day, but no other incidents have taken place.
After the Bronze Soldier was removed in 2007, riots broke out in Tallinn. The government has attempted to act cautiously so similar actions could not occur in Narva.
Editor's note: This article was updated with comments from Kaja Kallas and Alar Karis.
Editor: Helen Wright