Who is attacking companies in the Nordic countries, and why?

Pierluigi Paganini May 25, 2015

Security experts at FireEye have published a report that details the cyber threats targeting various sectors in the Nordic countries.

According to FireEye, threat actors targeted strategic industries (i.e. aerospace and defense, energy, health and pharmaceuticals, and shipping) as well as government and defense agencies, in search of political, economic and military intelligence.

Experts believe sophisticated threat groups could be particularly interested in sectors such as aerospace and defense, energy, health and pharmaceuticals, and shipping.

Threat actors targeted Nordic countries because of their robust economies and the valuable information managed by companies operating in sectors like renewable energy and healthcare.

Denmark, Finland, Iceland, Norway, and Sweden are prime targets for both state-sponsored hackers and cyber criminal organizations.

State-sponsored groups target Nordic countries mainly for cyber espionage; APT groups seek industrial secrets, personal and financial information, and intellectual property.

State-sponsored hacking campaigns are also conducted by foreign governments that have a diplomatic dispute with one of the governments of the Nordic countries.

“State-sponsored threat actors pose the greatest risk to Nordic governments and industries. These threat actors want state secrets, sensitive personal and financial data, and intellectual property from key industries. State-sponsored threat actors most likely seek to use any information that they obtain to benefit their government’s decision makers and industries.” states the report published by FireEye.

Researchers at FireEye explained that Russian and Chinese hackers are very active in the area and have run numerous cyber espionage campaigns to steal political and military secrets from Nordic countries. Well-known APT actors such as Red October and APT28 also targeted companies, organizations and government entities in the region.

State-sponsored hackers are not the only ones targeting Nordic countries; criminal gangs continuously target public and private companies operating in the area.

“Nordic companies and governments are likewise vulnerable to cyber criminals looking to cash in on stolen data. Malware used in these attacks could pose an incessant burden to network defenders.” continues the report.

The analysis of threat activities revealed that the highest number of APT and malware alerts was observed in Norway (47%), followed by Denmark (36%), Sweden (14%), and Finland (3%).

[Figure: Nordic countries threat activities]

Among the various malware families used by APT groups, the experts observed a prevalence of notorious RATs, including njRAT, XtremeRAT, and Gh0stRAT. The hackers were mainly interested in information related to sectors such as chemical, education, energy and utilities, financial services, high-tech, manufacturing, mining, services consulting, and telecom.

[Figure: Nordic countries APT malware]

The list of targets in the Nordic countries includes nonprofits, minority groups, media and other organizations that promote transparency. The report mentions a series of DDoS attacks allegedly launched by Russian state-sponsored hackers against a Chechen news site hosted by a Swedish company.

Another interesting consideration when analyzing threat activities in the region is the attackers' motivation.

Although financial gain and cyber espionage are the principal motivations behind the attacks, the researchers highlighted the risks related to sabotage. Top companies in the energy industry operate in the region, and they are constantly under attack by various bad actors.

I will stop here. Enjoy the report!

Pierluigi Paganini

(Security Affairs – Nordic Countries, APT)
