Estonia Hit by Record Cyberattacks as Fraud Losses Soar to €30M
Estonia endured a record 756 DDoS attacks in 2025 and saw cyber fraud losses triple to nearly €30 million as the threat landscape expanded from pro-Kremlin activists to include a global array of ideologically motivated groups.
- —Estonia experienced a record 756 DDoS attacks in 2025, a third more than the previous year, though only a fraction of these had a significant impact on services.
- —The range of threat actors expanded beyond pro-Kremlin activists to include pro-Palestinian groups from the Middle East, North Africa, and Southeast Asia, with major campaigns in April and May.
- —Financial losses due to cybercrime, particularly phishing and fraud, surged threefold to nearly €30 million in 2025, with scammers increasingly targeting individuals with access to company funds.
- —Over 48,000 security vulnerabilities were registered in 2025, a 20% increase, with unpatched systems leading to compromises of state institutions and businesses.
- —New security features like Smart-ID+ are being implemented to combat sophisticated social engineering tactics and AI-driven attacks, though AI is also being leveraged by criminals.
Recap
The surge in cyber incidents in Estonia reflects a strategic shift beyond state-level harassment to a multi-front war involving diverse hacktivists and sophisticated financial criminals. The dramatic tripling of fraud losses demonstrates that the primary impact has moved from temporary service disruption to significant, direct economic damage for citizens and businesses. This signals a new phase of vulnerability for highly digitized societies, where AI-powered social engineering is becoming a standard tool for criminals, forcing a constant and costly evolution in national cyber defense.