DOCUMENTING HYBRID WARFARE / — incidents / UPDATED LATEST: 
Sabotage Watch SABOTAGEWATCHHybrid Threat Monitor
Cyber

Pro-Russian Killnet conducts DDoS waves against Czech entities (7 regulated victims reported to NÚKIB)

19–27 April 2022 · Czechia
Satellite Imagery © Esri

What happened

In the second half of April 2022, the pro-Russian hacktivist group Killnet carried out two waves of distributed denial-of-service (DDoS) attacks against the websites of Czech entities. According to the Czech National Cyber and Information Security Agency (NÚKIB), the first wave ran between 19 and 21 April and affected thirteen subjects, including NÚKIB itself and Czech ministries. A second wave struck on the night of 27 April, hitting another nine subjects. NÚKIB reported that it was notified of associated incidents by seven organisations regulated under the Czech cybersecurity law, and noted that the total number of Killnet's Czech victims was roughly three times higher. Killnet announced the campaign on its Telegram channel, and NÚKIB assessed the attacks were likely connected to Czech support for Ukraine.

The attacks were generally unsophisticated and caused only the unavailability of web pages rather than any breach of internal systems. NÚKIB identified at least one incident as an L4 TCP ACK DDoS attack, a transport-layer flood that exhausts server or firewall capacity. The agency stated that, because DDoS attacks overwhelm a service without compromising its information systems, Killnet did not access data stored at the targeted organisations; the assessed goal was reputational harm. Czech media reported additional named targets, including the public broadcaster's news channel CT24, the Interior Ministry, government portals, Czech Railways and several airports. Interior Minister Vit Rakusan attributed the attacks to Russian hackers and said no information or private citizen data was stolen.

Assessment

The incident fits a recognised pattern of pro-Russian hacktivist DDoS campaigns that surged after Russia's 2022 invasion of Ukraine, timed to Czech support for Kyiv. Impact was limited to temporary website unavailability, with no evidence of data theft or intrusion into internal systems, consistent with low-sophistication DDoS. Attribution to Killnet rests on the group's own Telegram claims plus NÚKIB's technical assessment. While the group's stated motivation aligns with Russian state interests, the available reporting frames it as hacktivist activity and does not establish direct state direction or control.

This dossier summarises open-source reporting and is updated as the investigation develops. Read the original report via the source link.