Cyber Incident Victim: Finland
Date:
Oct 2023
Location:
Finland
Summary
Multiple Finnish websites, including the Bank of Finland, Tax Administration, and several media outlets and businesses, experienced denial-of-service attacks causing temporary disruptions and outages. A Russian hacker group named NoName claimed responsibility for the attacks, citing Finland's support for Ukraine and sanctions against Russia as motivations. The incidents involved flooding targeted sites with traffic to slow or crash them, with some services resuming normal operations while others remained offline. Finland's National Cyber Security Centre noted that such attacks are frequent, exceeding 10,000 annually against the country's online services, and reiterated the importance of reporting incidents to enhance preparedness and mitigation efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 4, 2023, multiple Finnish organizations reported disruptions to their websites due to denial-of-service (DoS) attacks that began the previous day. The Bank of Finland announced via social media around 9:00 AM that its website was targeted, implementing countermeasures that restored normal functionality by early afternoon. Concurrently, Finland’s Tax Administration and two regional newspapers—Turun Sanomat and Salon Seudun Sanomat—experienced website disturbances, with Turun Sanomat confirming a deliberate DoS attack. Additional affected entities included Rantapallo, Yritystele, A-Katsastus, and Expat-Finland, the latter three remaining offline as of early afternoon. The Russian hacker group NoName publicly claimed responsibility on its Telegram channel, explicitly citing Finland’s support for Ukraine and imposition of sanctions against Russia as motivations for the attacks.
The attacks involved flooding targeted websites with traffic or malicious requests to degrade or crash services, a method consistent with standard DoS tactics. Finland’s National Cyber Security Centre (NCSC-FI) reiterated its prior assessment that over 10,000 such attacks occur annually against Finnish entities’ online services. The agency urged all organizations to report attacks promptly to enhance collective preparedness and blocking capabilities. While the Bank of Finland, Tax Administration, and both newspapers restored services within hours, operational impacts persisted for Rantapallo, Yritystele, A-Katsastus, and Expat-Finland at the time of reporting. NoName’s public claim aligned the incident with its pattern of targeting nations opposing Russian geopolitical interests.