The state Information System Authority (RIA) has said this was the first time Estonia had come under cyberattack from hackers who have expressed backing for Palestine, adding the likely reason for the attacks was Estonia's stated public support for Israel.

"The distinguishing feature of these attacks was a different modus operandi and different tools when compared with Russian attacks," Gert Auväärt, RIA's deputy director general, told the Riigikogu's National Defense Committee.

"In the case of the new attackers, we had to develop defensive measures while learning in the middle of the attacks, relying heavily on manual work."

Citing RIA's yearbook, Eesti Ekspress reported three major waves of cyberattacks were conducted by hackers of Algerian origin on Estonian state and public institutions' websites and also those of private sector firms, which saw over 500 million malicious requests made in three hours, causing disruption to a total of 20 sites.

One web address was hit with 84 million requests in 11 minutes.

Then in May, hackers of Moroccan origin launched denial-of-service (DDoS) attacks on websites operated by Estonia's security authorities on 10 occasions, sending 225 million malicious requests in just under 40 minutes.

Auväärt called the emergence of an apparent axis of Kremlin-aligned and pro-Palestinian hackers a worrying development.

RIA's Cybersecurity Yearbook 2026 states: "Another important factor is the active cooperation between Russian and pro-Palestinian hacktivist groups. Although their primary targets differ, their interests overlap when it comes to EU and NATO member states. As a result, pro-Palestinian hacktivists often join attack campaigns against Europe initiated by Russian groups, and countries that have no direct connection to the Israeli–Palestinian conflict can also become targets.

The yearbook adds: "In terms of methods and motives, pro-Palestinian hacktivists resemble their Russian counterparts. In both cases, attacks are inherently destructive and directed against states they regard as ideological adversaries. Their campaigns are often aimed at critical infrastructure and seek to cause as much disruption and inconvenience as possible for the population of the targeted country."

"In general, hacktivist activity is limited to DDoS attacks and simple compromise attempts. These attacks do not necessarily require advanced technical skills but can generate fear or confusion among the public and draw attention to the attackers."

A distributed denial-of-service (DDoS) attack is a cyberattack in which multiple sources flood a targeted website or service with traffic, overwhelming it and disrupting access—often targeting high-profile servers like banks and motivated by revenge, blackmail, or hacktivism. It is a category of denial-of-service (DoS) attack, which overwhelms a machine or network with excessive or malicious requests to disrupt services and block legitimate users from accessing them.

A malicious request is a deliberately crafted network or web request sent to a server designed to disrupt, damage, or compromise a system rather than interact with it properly, as in the case of, for instance, loading a web page.

--

Follow ERR News on Facebook and X and never miss an update!