The number of ransomware attacks targeting Finland has increased fourfold since the country began the process of joining NATO in 2023.
The news was reported by Recorded Future News which interviewed Sauli Pahlman, the deputy director general for Finland’s National Cyber Security Centre (NCSC).
Finnish officials believe that the surge in the number of attacks is politically motivated.
Vladimir Putin issued multiple warnings that Russia would respond in kind if Nato set up military infrastructure in Finland after they joined the alliance.
In June, the Finnish government expelled nine diplomats from the Russian embassy in Helsinki and accused them of cyber espionage for Moscow.
In October 2022, the Finnish Security Intelligence Service (Suojelupoliisi or SUPO) warned of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.
At the time, the SUPO pointed out NATO that membership will make the country a privileged target for Russian intelligence and influence operations.
The intelligence agency stated that cyber threats to Finland’s critical infrastructure has increased in both the physical and cyber environments as a result of the Russian invasion of Ukraine. These malicious activities could potentially paralyse infrastructure operations with unpredictable consequences.
“Future NATO membership will make Finland a more interesting target for Russian intelligence and influence operations. One target of particular interest will be the formulation of policy in a militarily allied Finland. Russia’s assessment of what kind of NATO member Finland is becoming determines the aims and methods of influence operations.” reads the unclassified National Security Overview 2022 published last week by the Finnish agency. “Finland is portrayed as a member of a hostile alliance, whose location in the near vicinity of Russia exemplifies the threat of NATO enlargement, a narrative disseminated by the Russian regime.”
According to the report, Russia’s traditional intelligence gathering activity relied on spies with diplomatic cover, but this approach has become substantially more difficult since Russia invaded Ukraine, because many Russian diplomats have been expelled from the West.
The report pointed out that despite the Russian reactions to Finland’s NATO accession process have been restrained for the time being, and Finland was not targeted by any extraordinary influencing in the course of policymaking, the government fears an escalation of the malicious activities.
The agency also warned that these operations mainly target organizations and individuals from Western countries who reside in Finland.
The Russian security and intelligence services were increasingly targeting foreigners who reside in or visit Russia as well as Russians working in the West when they return.
SUPO also warned that Russian citizens working in critical positions in Finland may also be subject to coercion from Russian authorities.
Finland has yet to suffer a disruptive attack, Pahlman explained that the cyber resilience of Finnish organizations is higher compared to their international counterparts.
“Obviously, offensive [capabilities], attacking back, is something that’s publicly discussed often… The world’s superpowers, the larger states, they all have offensive capabilities, we’ve read about them over the years, however at least statistically they haven’t been able to save these nations from being targeted by attacks, sometimes even in pretty severe cases,” concluded Pahlman. “So I don’t believe there’s a single silver bullet.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Finland)