On 1 April, Russia’s state-owned railway RZD was hit by a DDoS attack that knocked its website and mobile app offline.
No tickets, no timetables, just timeout errors
The disruption began Tuesday evening and affected users nationwide, many of whom were unable to check train schedules or purchase tickets online. Although station offices remained open, the outage created delays and confusion for travellers who rely on the app for real-time updates.
RZD confirmed the incident on Telegram, describing it as a ‘mass DDoS attack,’ and said efforts were underway to restore services. They did not disclose how long the disruption lasted or how many users were affected, but public monitoring platforms showed a surge in reports throughout the evening.
Same week, same pattern: Moscow Metro also affected
The attack came just one day after a similar disruption affected Moscow’s metro app and website. While officials called that incident ‘technical work,’ reports suggested it may have also been caused by a DDoS attack. A message written in Ukrainian briefly appeared on the Metro site, raising questions about potential defacement.
Elsewhere, the Belgorod regional administration experienced an outage during a livestream, also attributed to DDoS activity.
RZD’s history with cyber attacks
These events are not isolated. RZD has previously dealt with DDoS attacks in 2022 and 2024. Earlier this year, the pro-Ukrainian group CyberSec claimed to have accessed RZD’s internal systems and leaked employee data. Whether or not the latest incident is linked, the trend is clear: transport networks remain vulnerable targets.
A simple flood of traffic, a complex set of consequences
DDoS attacks don’t break infrastructure, but they overload it. In a sector where digital tools are now central to day-to-day operations, the impact is immediate – causing delays, miscommunication, and operational pressure. Whether coordinated or coincidental, the timing and nature of these attacks point to growing pressure on digital services in public infrastructure. Building resilience against such attacks is no longer optional.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com