Cyber Incident Victim: Eduskunta
Date: Apr 2023
Location: Finland
Summary
A pro-Russia hacker group known as NoName 057(16) claimed responsibility for launching denial-of-service attacks against the Finnish parliament's website and the personal website of the outgoing prime minister, coinciding with the country's accession to NATO. The attacks overwhelmed the sites with traffic, causing disruptions, though the parliament confirmed it was working with national cybersecurity authorities to mitigate the impact. The same group had previously targeted the legislative body in a similar attack and is linked to disruptive operations against government and private entities in Ukraine, the United States, and other European nations.
Description
On April 4, 2023, the pro-Russia hacker group NoName 057(16) claimed responsibility for conducting Denial of Service (DoS) attacks against the Finnish Parliament's website and the personal website of outgoing Prime Minister Sanna Marin. The group announced its actions via the Telegram messaging service, explicitly linking the attacks to Finland's imminent accession to NATO that same day, stating they were "sending Finland to NATO, accompanied by denial of service attacks." The Parliament confirmed the cyber incident in an afternoon statement, disclosing collaboration with Finland's National Cyber Security Centre to mitigate the attack's effects. This timing coincided with Finland's formal NATO membership ceremony in Brussels, where it became the alliance's 31st member state. The attacks involved flooding targeted websites with excessive traffic or malicious data packets to disrupt normal operations, though specific technical details about attack vectors or duration weren't disclosed.

The group did not claim responsibility for a simultaneous disruption affecting the website of VTT, Finland's state-owned Technical Research Centre, despite similarities in the incidents. NoName 057(16) had previously targeted the Finnish Parliament's website in August 2022, establishing a pattern of attacks against Finnish institutions during geopolitically significant moments. The group maintains a documented history of conducting DoS operations against government entities, media outlets, and private corporations in Ukraine, the United States, and other European nations. Finnish authorities provided no immediate information about collateral impacts beyond website accessibility issues or whether other systems were compromised. NoName's public Telegram declaration served as the primary attribution source for the Parliament and Marin website incidents, with no independent confirmation of attacker identity provided in available reports. The National Cyber Security Centre's containment efforts represented the sole confirmed defensive response to the April 4 attacks.
