Cyber Incident Victim: Finnish ministries of Defense and Foreign Affairs
Date:
Apr 2022
Location:
Finland
Summary
A distributed denial-of-service attack disrupted the websites of Finland's ministries of Defense and Foreign Affairs during an address by Ukraine's President to the nation's parliament. The incident caused temporary unavailability of the Foreign Ministry's external site for approximately one hour before being mitigated through coordinated efforts involving service providers and the national Cyber Security Center. While authorities confirmed the attack's resolution without assigning attribution, external observers suggested potential links to Finland's political support for Ukraine amid regional conflict.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 8, 2022, a denial-of-service attack disrupted the external websites of Finland’s Ministry for Foreign Affairs and Ministry of Defence. The incident began at approximately noon local time, coinciding with an address by Ukrainian President Volodymyr Zelenskyy to Finnish members of parliament. The attack rendered the websites inaccessible through volumetric traffic flooding, though no data breaches or system compromises were reported. Finnish authorities detected the disruption promptly and initiated mitigation procedures in collaboration with telecommunications service providers and the National Cyber Security Centre. By approximately 1 p.m., one hour after the attack commenced, service availability was restored to normal operational levels. The government confirmed the incident through an official announcement but did not disclose technical specifics regarding attack volume or originating infrastructure. No additional government systems beyond the targeted ministries’ public-facing websites were confirmed as affected during this timeframe.
The distributed denial-of-service (DDoS) attack caused temporary unavailability of critical public information platforms during a high-profile diplomatic event. Response measures included traffic filtering and coordination with network operators to absorb and deflect malicious traffic patterns. The Finnish State Department emphasized operational restoration within the hour but provided no details about residual impacts or secondary disruptions. While the government issued no attribution statement linking the attack to any state or non-state actor, independent cybersecurity analysts suggested potential connections to geopolitical tensions surrounding Finland’s support for Ukraine following Russia’s invasion. The incident concluded without further escalation, with no subsequent claims of responsibility or follow-on cyber operations against Finnish entities directly tied to this event by official sources. Normal website functionality was maintained following the mitigation efforts.