Kyiv Independent suffers DDoS attack after publishing criticism of anti-corruption rollback
The Kyiv Independent was targeted by a coordinated distributed denial-of-service (DDoS) attack on July 22-23, coinciding with its coverage of a controversial law that strips Ukraine's key anti-corruption agencies of their independence.
The attack reached over 10,000 requests per second and targeted key parts of the website, including member login, a contact form, and newsletter integrations.
It followed the publication of a critical editorial and in-depth coverage of the government's push to expand the prosecutor general's control over the National Anti-Corruption Bureau (NABU) and the Specialized Anti-Corruption Prosecutor's Office (SAPO).
The attack utilized randomized headers and user agents to evade rate-limiting and bot detection measures. Additional SYN flood traffic was detected, likely testing the website's security system (WAF).
Although the site's admin dashboard experienced slowdowns and partial outages, the public-facing content remained largely accessible due to Content Delivery Network (CDN) protections.
No user data was compromised. The response included dynamic traffic filtering and contacting the site's cloud-based DDoS protection provider.
As of the publication date, the Kyiv Independent was unable to identify the source behind the attack.
The legislation has sparked condemnation from civil society groups, opposition lawmakers, and European partners, who say it endangers Ukraine's anti-corruption infrastructure and EU accession hopes.
Critics warn the law reclassifies NABU and SAPO as ordinary law enforcement agencies, allowing the prosecutor general to block or override investigations.
Protests erupted in Kyiv and major cities after the bill was passed by parliament.
