Masaryk University's cybersecurity team warns of a possible wave of DDoS (Distributed Denial of Service) attacks targeting the availability of websites and online services. This warning is primarily intended for system and service administrators.
A DDoS attack is a deliberate flooding of a service (e.g., a website) with a large volume of requests from many sources (botnets, “DDoS-for-hire” services). The attackers’ goal is to disrupt availability — so users can’t connect, the page won’t load, or the service keeps crashing.
How does a DDoS attack manifest?
A DDoS attack can also be a “smokescreen,” which is why it’s important to monitor for other suspicious activity at the same time (unusual access patterns, phishing, etc.). Interested in more typical DDoS indicators? You can find them in our article.
DDoS attacks often target highly visible, publicly accessible services — typically institutional websites. Masaryk University faced a major DDoS attack in December 2025 targeting IS MU (15–16 December 2025). Since then, we have also recorded repeated smaller DDoS attempts against university services and network infrastructure (including the muni.cz website). Thanks to strengthened protection layers, however, most of these attacks do not have any noticeable impact on end users.
Universities are a natural target mainly because of:
The timeliness of this threat is also confirmed by other recent attacks across the Czech Republic and abroad:
In December 2025, the Czech National Cyber and Information Security Agency warned about pro-Russian hacktivist groups attacking critical infrastructure entities. For example, it states that the group NoName057(16) primarily focuses on DDoS attacks and that since 2023 it has also recorded incidents targeting Czech institutions and companies. This was confirmed in practice in January: a publicly shared “target list” for the DDoSia tool (associated with NoName) included targets in the Czech Republic as well — e.g., stredoceskykraj.cz, plzensky-kraj.cz, kraj-jihocesky.cz, kr-vysocina.cz, liberec.cz / portal.liberec.cz, portal-vz.cz, or prg.aero (including ftp.prg.aero), among others.
If you notice a service outage as a user, stay calm—there is usually not much you can do from the user side during a DDoS attack. We recommend waiting, or using an alternative channel if one is available. Service administrators should continuously verify the situation in monitoring and logs (reverse proxy/WAF, network traffic) and, depending on the circumstances, activate available countermeasures or temporarily restrict problematic parts of the service.
You can always find key cybersecurity information at Masaryk University at https://security.muni.cz/en.
Masaryk University's cybersecurity team warns of the risks associated with using DeepSeek's AI tools. Based on the warning NÚKIB, we do not recommend using DeepSeek's products - either for work or personal use. Entering information into language models (e.g., AI chatbot) can seriously compromise data in a university environment.
Masaryk University's cybersecurity team warns of many compromised accounts whose login credentials have been leaked due to infostealers - malware that surreptitiously steals passwords and other sensitive data.