The notorious NoName ransomware group, believed to have ties to Russia, has reportedly launched a series of cyberattacks targeting multiple government agencies in Finland in recent incidents. As a result of these alleged NoName cyberattacks on Finland-based organizations, multiple victims’ websites were temporarily rendered inaccessible.
Finnish websites including several subdomains of Traficom, the Finnish National Cyber Security Center (NCSC-FI), Railways, the Finnish Transport and Communications Infrastructure Regulation and Development Authority, and the Finnish Roads Agency have recently fallen prey to NoName. DDoS attack targeting Finland.
The DDoS campaign also targets the Central Chamber of Commerce, Bank of Finland, Helsinki Regional Chamber of Commerce and Industry, and the Finnish Arbitration Institute.
NoName cyber attack against Finland
The Cyber Express team has checked the websites reported to have been attacked in the NoName cyber attack and found them to be working properly. The team also attempted to contact affected organizations for more information about the alleged NoName DDoS attack, but as of the writing of this report, no official response has been received.
The NoName ransomware group, also known as NoName057(16), posted messages on dark web portals claiming to target government and private organizations in Finland. A screenshot of the dark web post was published on the cybersecurity research organization’s X (formerly Twitter) handle.
“Finland continues to receive New Year’s gifts (evil smiley face emoji),” reads one screenshot obtained from the cybercrime group’s leak portal. From what we can understand, most of the victims of the NoName DDoS attack are government agencies related to road and rail transport and cybersecurity, so we believe this is an attempt to disrupt the daily activities of Finnish citizens. .
The screenshot also includes additional information in Russian that is said to be related to the cyberattack. The second screenshot lists the alleged victims of the NoName DDoS attack.
A third screenshot taken from NoName’s dark web portal includes a message from the ransomware group to the Finnish government. The message reads: “While Russia celebrates the new year, in Finland it’s the day of the dastardly shutdown by Jio after the attack. NoName057(16) (evil smiley face emoji).”
DDoS attacks have been on the rise since Russia was on the front lines alongside the West during the Russo-Ukrainian war. Ukraine, which is backed by the EU and the US, has angered Russia, and multiple EU and US-based organizations have been targeted by Russia-linked hacker groups.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for informational purposes only and the user is solely responsible for the reliability of the information. Cyber Express assumes no responsibility for the accuracy of this information or the consequences of its use.