Cyber Incident Victim: Helsinki, Finland
Date:
Aug 2022
Location:
Finland
Summary
A pro-Russian hacker group targeted the Finnish parliament's website with a distributed denial-of-service attack, causing several hours of downtime. The attackers, identified as NoName057(16), claimed responsibility via Telegram, citing Finland's NATO aspirations as motivation, coinciding with heightened Western support for the country's membership bid. The parliament collaborated with service providers and its national cybersecurity agency to mitigate the disruption. This incident aligns with the group's broader campaign against NATO-affiliated entities and Ukraine supporters, having previously partnered with other threat actors like Killnet to target nations opposing Russia's invasion of Ukraine. The attack reflects escalating cyber hostilities following geopolitical tensions in Eastern Europe.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 9, 2022, the Finnish parliament’s external websites became inaccessible for several hours following a distributed denial-of-service (DDoS) attack attributed to pro-Russian threat actors. The parliament confirmed the disruption in a public statement, noting collaboration with service providers and the national Cybersecurity Center to mitigate the attack’s effects. NoName057(16), a hacker group aligned with Russian interests, claimed responsibility via Telegram, explicitly linking the assault to Finland’s pursuit of NATO membership. The group framed the attack as a retaliatory measure against Finnish authorities for their NATO aspirations, stating they had conducted a "friendly visit" to the neighboring country. The incident coincided with U.S. President Joe Biden’s formal signing of documents endorsing Finland and Sweden’s accession to NATO, amplifying its geopolitical symbolism. While the attack temporarily disrupted public access to parliamentary information systems, no data breaches or permanent damage to infrastructure were reported. Finnish authorities implemented defensive measures to restore services without elaborating on technical specifics.
This cyber incident occurred against the backdrop of Finland’s formal NATO application on May 18, 2022—a decision directly influenced by Russia’s full-scale invasion of Ukraine three months earlier. NoName057(16) had previously partnered with the pro-Russian group Killnet in late June 2022 to execute similar DDoS campaigns against nations supporting Ukraine, declaring hostilities toward NATO and its allies. The broader cyber conflict emerged following Russia’s February 24 invasion, which triggered reciprocal attacks between pro-Ukrainian hacktivist collectives—including Anonymous and the IT Army of Ukraine—and Russian-aligned groups targeting critical infrastructure and government entities. The United Nations documented severe humanitarian consequences from the physical conflict, including mass displacement and allegations of human rights violations by Russian forces, contributing to Russia’s suspension from the UN Human Rights Council. Finland’s parliamentary website attack exemplified the spillover of geopolitical tensions into cyberspace, though its operational impact remained confined to temporary service degradation.