The Organized Crime and Corruption Reporting Project (OCCRP) has reported that its website has been targeted by a large-scale DDoS attack, slowing access and making it difficult for readers to reach its investigative reporting.
According to OCCRP, the attack began on Monday and was still ongoing as of January 13, 2026. While the website has not gone fully offline, readers may experience delays or additional verification steps introduced to block automated traffic.
Coordinated attack with signs of active control
OCCRP said the attack appears to be driven by a large, internationally distributed botnet. The organisation’s security team observed that attackers adjusted their methods as defensive measures were introduced — behaviour that points to direct human involvement rather than a purely automated campaign.
The source of the attack has not been identified, and OCCRP has not attributed it to any specific group or state actor.
Recent upgrades to OCCRP’s digital infrastructure helped prevent a complete outage. The organisation noted that without these improvements, its website would likely have been unreachable for many hours.
A familiar tactic against media and civil society
This kind of attack has become a common pressure tool against independent journalism and nonprofit organisations.
In 2023 and 2024, several Hungarian independent news outlets and the International Press Institute were hit by sustained DDoS attacks that took their websites offline for extended periods. Authorities later arrested a suspect who allegedly used DDoS-for-hire services to target critical media, while pro-government outlets were unaffected.
Independent outlets elsewhere have faced similar disruption. Novaya Gazeta Europe, an investigative news site, has reported repeated DDoS attacks that temporarily blocked access to its reporting.
Threat monitoring from organisations that protect at-risk nonprofits and media outlets shows a steady increase in DDoS activity aimed at human rights groups, investigative journalists, and civil-society organisations. Many of these attacks involve massive volumes of traffic designed to overwhelm relatively small publishing platforms.
The pattern is consistent: rather than silencing reporting directly, attackers aim to make it unreachable at key moments.
Staying online under pressure
OCCRP’s ability to keep its website online, despite the ongoing attack, shows the importance of resilient infrastructure and real-time visibility into network traffic. As DDoS campaigns become more adaptive and sustained, organisations that rely on public access need to be prepared for prolonged disruption attempts, not just short spikes in traffic.
FastNetMon will continue monitoring significant DDoS incidents affecting media organisations, NGOs, and other targets where availability is critical.
About FastNetMon
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
For more information, visit https://fastnetmon.com.