Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Finland. Show all posts

NoName Ransomware Group Allegedly Targets Denmark and Finland Over NATO Support


 

The ransomware group NoName has reportedly launched cyberattacks against key institutions in Denmark and Finland, citing their support for NATO as the provocation. The alleged attacks targeted Denmark’s digital identification system MitID, the Finland Chamber of Commerce, and Finland’s largest financial services provider, OP Financial Group.

On a dark web forum, NoName announced these attacks, positioning them as a reaction to Denmark and Finland's recent military and infrastructural actions favouring NATO. The group specifically called out Denmark for training Ukrainian specialists in F-16 fighter jet maintenance:

"Denmark has trained the first 50 Ukrainian specialists in servicing F-16 fighter jets. Most of the specialists have already returned to Ukraine to prepare for the reception of F-16s at local air bases. The training of the first group of Ukrainian pilots continues in Denmark.”

They also criticised Finland for infrastructure upgrades intended to support NATO troops:

“Finland has begun repairing roads and bridges in Lapland to prepare for the deployment of NATO troops on its territory. ERR.EE reports on its change of stance on NATO forces and planned infrastructure work.”

NoName concluded their message with a warning, suggesting that Denmark and Finland's governments had not learned from past mistakes and threatened further actions.

Potential Impact on Targeted Entities

MitID: Denmark's MitID is a crucial component of the country's digital infrastructure, enabling secure access to various public and private services. An attack on this system could disrupt numerous services and damage public trust in digital security.

Finland Chamber of Commerce: The Chamber plays a vital role in supporting Finnish businesses, promoting economic growth, and facilitating international trade. A cyberattack could destabilise economic activities and harm business confidence.

OP Financial Group: As the largest financial services group in Finland, OP Financial Group provides a range of services from banking to insurance. A successful cyberattack could affect millions of customers, disrupt financial transactions, and cause significant economic damage.

Despite the claims, the official websites of MitID, the Finland Chamber of Commerce, and OP Financial Group showed no immediate signs of being compromised. The Cyber Express Team has reached out to these institutions for confirmation but has not received any official responses as of the time of writing, leaving the allegations unconfirmed.

The timing of these alleged cyberattacks aligns with recent military and infrastructural developments in Denmark and Finland. Denmark's initiative to train Ukrainian specialists in F-16 maintenance is a significant support measure for Ukraine amidst its ongoing conflict with Russia. Similarly, Finland's infrastructure enhancements in Lapland for NATO troops reflect its strategic alignment with NATO standards following its membership.

The NoName ransomware group's alleged cyberattacks on Danish and Finnish institutions highlight the increasing use of cyber warfare for political and military leverage. These attacks aim to disrupt critical infrastructure and send a strong message of deterrence and retaliation. The situation remains under close scrutiny, with further updates expected as more information or official responses become available.


Cyber Criminal Sentenced for Targeting Therapy Patients


In a recent legal case that has shaken Finland, cyber offender Julius Kivimäki, known online as Zeekill, has been sentenced to six years and three months behind bars for his involvement in a sophisticated cybercrime operation. The case revolves around the breach of Vastaamo, Finland's largest psychotherapy provider, where Kivimäki gained unauthorised access to sensitive patient records.

The Extent of the Breach

Kivimäki's method involved infiltrating Vastaamo's databases, compromising the privacy of thousands of therapy patients. Despite his unsuccessful attempt to extort a large sum of money from the company, he resorted to directly threatening patients with exposure to their therapy sessions unless they paid up. The repercussions of his actions were severe, with at least one suicide linked to the breach, leaving the nation in shock.

Legal Proceedings and Conviction

Throughout the trial, Kivimäki insisted on his innocence, even going as far as evading authorities and fleeing. However, the court found him guilty on all counts, emphasizing his ruthless exploitation of vulnerable individuals. The judges emphasized the significant suffering inflicted upon the victims, given Vastaamo's role as a mental health service provider.

A History of Cybercrime

Kivimäki's criminal journey began at a young age, participating in various cyber gangs notorious for causing chaos between 2009-2015. Despite being apprehended at the age of 15 and receiving a juvenile sentence, he persisted in his illicit activities, culminating in the Vastaamo breach.

How Law Enforcement Cracked the Case?

Law enforcement's efforts, combined with advanced digital forensics and cryptocurrency tracking, played a pivotal role in securing Kivimäki's conviction. His misstep led authorities to a server containing a wealth of incriminating evidence, aiding in his arrest and subsequent sentencing.

The Human Toll of Cyber Intrusion

Tiina Parikka, one of the affected patients, described the profound impact of receiving Kivimäki's threatening email, leading to a deterioration in her mental health. The breach not only compromised patients' privacy but also eroded their trust in the healthcare system.

Corporate Accountability

While Kivimäki faced legal consequences, Vastaamo's CEO, Ville Tapio, also received a suspended prison sentence for failing to protect customer data adequately. The once esteemed company suffered irreparable damage, ultimately collapsing in the aftermath of the breach.

Moving Forward 

As legal proceedings conclude, civil court cases are expected as victims seek compensation for the breach. The incident has stressed upon the vulnerability of healthcare data and the pressing need for robust cybersecurity implementation to safeguard the information of such sensitivity. After all, maintaining confidentiality is the first step towards establishing a healthy environment for patients.  

The Vastaamo case serves as a telling marker of the devastating consequences of cybercrime on individuals and businesses. In an age of advancing technology, it is essential for authorities and organisations to remain armed in combating such threats to ensure the protection of privacy and security for all.


What Makes Helsinki the Mobile Gaming Capital?

 


While some of the world's most ambitious and successful game makers reside on the streets of this relatively quiet northern European capital, they are often covered with snow. This gives them a comfortable environment to thrive. 

Finland was the first to see the first screen of an iPad flicked across by an Angry Bird. Netflix has chosen to establish its first-ever internal gaming studio in Atlanta. The city is also home to major game studios, like Supercell, which makes the popular game Clash of Clans. A streamer has admitted that Helsinki has some of the highest-quality game talents in the world and that this is the reason that they chose this city. This is one of the reasons why many people consider the Finnish capital to be the capital of mobile gaming. According to estimates, the global economy depends heavily on this sector of the economy and is currently worth £120 billion. 

If we delve deep into some backdrop, during the 1980s and 1990s, Finland was not considered to be one of the richest countries in the world, but it has changed since then. 

In most parts of the world, majority of people rely on computers that are not even close to the most advanced computers on the market. In the early days of the digital revolution, some restrictions accompanied the use of the internet. These restrictions would help to fuel a phenomenon that became known as the "demoscene" - a subculture in which programmers created art presentations, music, and games that stretched the capabilities of the technologies of that time. Nokia came along at just the right time in Finland when Finns had become accustomed to doing a lot with a small number of resources. 

A significant reason behind the success of the games industry in Helsinki today is the foundation laid by Nokia; according to Sonja Asmeslevä, CEO of Phantom Gamelabs, an agency based in Helsinki, "The Nokia model showed us how to build something big from here up."

The Finnish games sector is intimately familiar to Sonja as she is a games maker, board member, and founder of an innovative development studio, who brings to the table a wealth of knowledge in this field. 

Nokia worked with young talented artists from the Finnish demoscene. These artists created a set of games that were designed to convince people they did not have to travel to purchase them. Instead, they could do it themselves, while there were few big games on the market at the time. 

There is generally a high level of awareness of the success of this city, which is roughly the same size as Glasgow in terms of its gaming industry. Whenever you visit a bar or coffee shop, you will find people talking about it happily. Politicians and officials are also obviously trying to take advantage of this area to enhance their positions and gain popularity. 

In any case, Sartita Runeberg, head of gaming at Reaktor, a technology infrastructure company, says in an interview that Finns have been tech geeks since time immemorial. Many gaming companies have started this way, where you can fail and try again. When you don't have to worry about failing, you can be braver. 

A successful game company needs the right infrastructure to be able to grow successfully. The Reaktor company offers several services to support the 200 game studios that operate here, from company governance to marketing and technological support. 

According to Runeberg, "there is no need to mortgage your house to start a gaming company because the social security system is there to support you, and the government is supporting gaming companies as much as they can." Getting grants to try out new ideas and funding to prove that something works in certain markets is easy, and you can easily get funding to prove concepts. 

To remain on top of the gaming space, Helsinki is making sure it attracts the world's leading game developers as part of its long-term goals. To accomplish that, Helsinki Partners works with a group of people who are committed to doing so. 

As the director of strategic initiatives at Helsinki Partners, Johanna Huurre, believes that all companies recruit from abroad when they have a specific need for expertise. This is because all of these companies are looking for certain talents who possess these skills. 

Several of them are from South America and Europe. It is much easier for them to migrate between those continents than it is in other parts of the world. Helsinki does not offer major tax incentives to companies and developers who wish to set up shop there; neither are salaries higher there by a significant margin. Those are just a few of the points Huurre says he wants to clarify. 

"Helsinki is a well-known city for its work-life balance, which makes it easy to live a full life here," says Ginni Gratton. Several employees from Helsinki said that they enjoyed their free time so much that they were able to be very efficient during their working hours. This is because they are very ambitious about their work. Meetings that are full of nonsense are few and far between. 

As a result of the pandemic, life is much easier in this community, and these soft values have become increasingly critical. People often say that they have fewer worries here because they have a strong support network. Parents here feel much freer than they would in other countries because they don't have to worry about schools or security. 

Despite Helsinki's history as a technology hub and government support, the combination of those factors is working and it has worked well. There was a net profit of £2.8 billion generated by games studios in Helsinki in 2022. 

As a matter of context, it is worth noting that in the same period, the UK's games market added £4.7bn to the British economy - even though the UK is 12 times larger than the UK on an international scale. 

The Helsinki gaming scene is one of the most successful in the world, and Supercell is one of the biggest success stories. According to media reports, the game maker was recently acquired by Tencent, a Chinese corporation with a market valuation of $11 billion (9.2 billion pounds) following its acquisition. 

He is also responsible for the famous mobile game Clash of Clans, which is known for its famous base-building gameplay. Stuart McGaw came to the studio from Scotland to work for the studio. The game Snake was a very popular game among many people growing up on mobile phones. He recalls playing it on a Nokia 3210 as a kid.  

As McGaw first started his career as a software designer at home, he realized that he could further his career in Finland. This is because the country's games development scene is well known. People in this country have heard so much about how many games companies have been successful, says Alberto. 

It would be unfair to say that local people have not yet become aware of the work of developers. This is because the industry is relatively unknown among locals even though it is one of the most valuable industries for the country's future.  

The expertise and heritage built by Nokia in the 1990s have not been replicated in other cities around the world, however. Despite this, there are some interesting lessons we can learn from this and we see that even small things can affect a lot of people.

Finland’s Most-Wanted Hacker Nabbed in France

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man who has been apprehended on Friday by French police is suspected of breaching the patient records of more than 33,000 psychotherapy clients and leaking therapy notes for more than 22,000 patients online in Finland. 

Zeekill convicted of committing tens of thousands of cybercrime is a well-known cyber-criminal  According to Finland's National Bureau of Investigation, he had been running from police since October 2022, when he failed to show up in court and Finland issued an international arrest warrant for him.  

According to the officials, in late October 2022, Kivimäki was charged and arrested in absentia for attempting to extort money from the Vastaamo Psychotherapy Center. The NBI announced in November that the Helsinki District Court remanded Kivimäki in absentia last October and he was also added to Europol's "most wanted" list.  

However, he denied being involved in Vastaamo's data breach. Additionally, the National Bureau of Investigation (NBI) said that the Finnish officials are working and investigating closely with their French counterparts about Kivimäki's extradition.  

Vastaamo was the major data breach in November 2018 and March 2019, in which the sensitive credentials of around 30,000 patients were compromised, and then money was extorted from the victim organizations as well as its clients. 

However, when the Vastaamo refused to pay ransom money, then the threat actor started sending threatening emails to targeted individuals to publish their therapy notes unless a ransom worth 500 euros was paid. Nevertheless, the hacker got little success in its mission. 

“Among those who grabbed a copy of the database was Antti Kurittu, a team lead at Nixu Corporation and a former criminal investigator. In 2013, Kurittu worked on an investigation involving Kivimäki’s use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP)...,” Kurittu said. “…It was a huge opsec [operational security] fail, because they had a lot of stuff in there — including the user’s private SSH folder and a lot of known hosts that we could take a very good look at declining to discuss specifics of the evidence investigators seized. There were also other projects and databases.” 

Finland Alerted About Facebook Accounts Compromised via Messenger Phishing

 

The National Cyber Security Centre of Finland (NCSC-FI) has issued a warning about an ongoing phishing attack aimed at compromising Facebook accounts by masquerading victims' friends in Facebook Messenger conversations. 

According to the NCSC-FI, this ongoing scam targets all Facebook users who got messages from online acquaintances seeking their contact information and a confirmation number given through SMS. If users provide the requested information, the attackers will gain control of their accounts by altering the password and email address linked with them. 

Once taken over, the Facebook accounts will use similar schemes to target more potential victims from their friend list. 

“In the attempts, a hacked account is used to send messages with the aim of obtaining the recipients' telephone numbers and two-factor authentication codes to hijack their Facebook accounts," the cybersecurity agency described. 

The scammers will undertake the following techniques to successfully compromise the victim' Facebook accounts: 
• They start by sending a message through Facebook Messenger from the previously compromised friend's account. 
• They request the target's phone number, claiming to be able to assist with the registration for an online contest with cash awards worth thousands of euros. 
• The next step is to request a code that was supposedly given via SMS by the contest organizers to verify the entry. 
• If the fraudsters obtain the SMS confirmation code, they will combine it with the phone number to gain access to and hijack the victim's Facebook account. 

The NCSC-FI advised, "The best way to protect yourself from this scam is to be wary of Facebook messages from all senders, including people you know. If the message sender is a friend, you can contact him, for example, by phone and ask if he is aware of this message. This information should not be disclosed to strangers." 

Meta (previously Facebook) recently has filed a federal lawsuit in a California court to stop further phishing assaults that are currently targeting Facebook, Messenger, Instagram, and WhatsApp users. 

Around 40,000 phishing sites impersonating the four platforms' login pages were used by the threat actors behind these phishing attacks. These lawsuits are part of a lengthy series of lawsuits filed by Facebook against attackers who target its users and exploit its platform for nefarious purposes.

Android Devices being Targeted by Flubot

 

The National Cyber Security Centre of Finland (NCSC-FI) has recently released a "severe alert" over a major campaign targeting the nation's Android users with Flubot banking malware delivered through text messages sent out by hacked devices. 

This is the second greatest Flubot operation to strike Finland this year, with a previous set of cyberattacks SMS spamming thousands of Finns each day from early June to mid-August 2021. The latest spam campaign, like the previous one, has a voicemail theme, encouraging recipients to click a link that will enable them to retrieve a voicemail message or a message from the mobile operator. 

Rather than being made to open a voicemail, SMS recipients are led to malicious websites that push APK installers to install the Flubot banking virus on their Android devices. 

“According to our current estimate, approximately 70,000 messages have been sent in the last 24 hours. If the current campaign is as aggressive as the one in the summer, we expect the number of messages to increase to hundreds of thousands in the coming days. There are already dozens of confirmed cases where devices have been infected," the Finnish National Cyber Security Centre said in the alert issued on Friday. 

"We managed to almost eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one because the previously implemented control measures are not effective," said NCSC-FI information security adviser Aino-Maria Väyrynen. 

Those who have been affected should do a factory reset on their Android device to remove the virus. When iOS users get FluBot messages and click on the associated link, they will be forwarded to fraud and phishing websites rather than being forced to install an app. 

FluBot, once installed on a device, may browse the contacts list, spam texts to other individuals, read messages, steal credit card information and passwords as they are typed into apps, install other apps, and engage in other nefarious activities. Android users who get Flubot spam messages or emails should avoid opening attached links or downloading files shared through the link to their cellphones. 

The virus family has also been discovered on other websites, where anybody can come into contact with the harmful code. Netcraft, a provider of internet services, announced on Monday that it had discovered nearly 10,000 websites that were disseminating FluBot malware.

Finland MP’s Faces Dire Cyber Intrusion

 

The parliament of Finland verified on Monday that some hackers had procured entry into the internal IT system of Finland and have also retrieved some personal as well as confidential information by accessing into the email accounts of some of the Member of the Parliament (MPs).

In a statement the government officials confirmed that the incident took place in the autumn season of 2020 and was turned up in the month of December by the IT staff of the Parliament after they felt that something suspicious is happening. This occurrence is being investigated under the examination of the Finnish Central Criminal Police (KRP) .

Although the Crime Commissioner Tero Muurman in an official statement said that “The act is not accidental”, on the other hand the police in investigation are not unveiling any detail about the case. Instead they quoted that they are investigating the security breach as a “suspected gross hacking and espionage” incident. Though after flicking through all the recorded statement one thing is clear that the intrusion did no harm to the internal IT System of the Parliament.

 “At this stage , one alternative is that unknown factors have been able to obtain Information through the hacking, either for the benefit of a foreign state or to harm Finland” , Muurman further added. The larceny of the hackers has affected a lot of individuals of the country though obviously the number is unsure. 

The thing that requires the maximal gravity here is that, during the same time, in the fall, some Russian hackers have also accessed the emails of various Parliamentary personnel and representative of Norway to acquire some information. Both the hacks were quite indistinguishable in nature and can be thought to be linked as well. 

The officials in command stated, “This case is exceptional in Finland serious due to the quality of the target and unfortunate for the victims”. Proffering a sense of placidity to the victims the KRP Tero Muurman also made a statement claiming that “International cooperation has taken place in the investigation” and the drudges would be behind the bars for the felony. 

Hackers stole the personal data of patients in Finland


Finland: Hackers have stolen data from the Vastaamo Psychotherapy Center. Folders with personal information of tens of thousands of Suomi citizens, who in different years applied to this medical organization, were freely available

The Сenter's archive includes people not only with serious mental illnesses but also those who have experienced temporary psychological difficulties. Journalists note that the organization's lists include politicians, businessmen, public figures, as well as ordinary citizens, even minors.

The attackers made public the names of patients, addresses, phone numbers, identification numbers, as well as the contents of psychotherapy sessions. And they declare that they will not remove this information from public access until they receive the money.

It is not surprising that the leak of personal data excited the entire Finnish society.  Finnish President Sauli Niinistö, in an interview with journalists, urged citizens to refuse further dissemination of information that was disclosed by the criminals.

"This concerns all of us. Information about each of us is constantly collected on various platforms. This also applies to everyone, because everyone has something intimate that we do not want to disclose," said Niinistö.

However, the President's appeals did not help. Data is spreading at a breakneck speed As the influential newspaper Helsingin Sanomat reports, the Crime Victim Support Service is overwhelmed by calls from victims of hackers' actions, as well as those who fear that their names could also get into the network.

Several hundred clients of the Center said that they filed a police report demanding criminal proceedings because of the data leak.

The Central Criminal Police notes that a criminal can act from anywhere in the world.

The Center itself believes that the database may have been subjected to two cyber attacks. The first attack occurred in November 2018. The second attack probably occurred between late November 2018 and March 2019.

Finnish media noticed that over the weekend, information about the Center's patients began to disappear, and new information no longer appears. Because of this, there were rumors that the clinic paid the ransom. A representative of the center declined to comment on them.