Nixu Threat Intelligence Bulletin: Pro-Russian Hacktivists Target Finland 

Finland's Security and Intelligence Service SUPO has warned of the deterioration of relations between Finland and Russia due to Ukraine, sanctions, and NATO. While the agency does not believe that crippling attacks on critical infrastructure are likely in the near future, it has seen an increase in attacks on such targets. The energy sector was identified specifically as one such industry under increased attack.

On the back of the release of SUPO's new report, several pro-Russian hacktivist groups have openly stated their intent to carry out an attack on Finnish infrastructure. Thus far, NoName05716, KillNet, Legion Team, Rubit, User Sec, and others have been observed making such statements. Attacks by such groups are likely to be in the form of DDoS, which could render targeted domains or services temporarily unavailable. We have included in our links some of the more recent advice on mitigating DDoS attacks for your review.

It is also worth considering what the future of DDoS attacks could look like, and recently, Google, Cloudflare, and AWS released blogs on a new development in this area. We have included a link to Google's report here as well.

Details

=======

Location: Finland

Risk: DDoS attack

Link: https://supo.fi/en/-/russia-treating-finland-as-a-hostile-country

Link: https://www.cisa.gov/news-events/alerts/2023/09/06/cisa-releases-capacity-enhancement-guide-strengthen-agency-resilience-ddos-attack

Link: https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
 

Next Steps

=======

- Assessment: high confidence that there is a heightened risk of DDoS attacks being weaponized in an attempt to cause disturbance in society at large.

--

Nixu Threat Intelligence
Nixu Corporation
threats@nixu.com