Hacking

Trump-Putin Meeting was the root cause of a spike of cyber attacks against Finland

F5 experts observed a spike in the attacks in the days prior to the Trump-Putin meeting on July 16 that was held in Helsinki, Finland.

Important events represent an element of attraction for cyber attacks, in June we discussed the Trump-Kim summit and the way Singapore that held it was hit by an unprecedented number of attacks from June 11 to June 12.

At the time most of the cyber attacks were originated in Russia.

Let’s analyze the effect in the cyberspace of another event, the Trump-Putin meeting that was held in Helsinki in Finland that historically is not a privileged target of hackers.

The experts pointed out that they have no data to suggest the attacks against Finland were successful.

Once again researchers at security firm F5 analyzed the number of attacks that hit the location during the summit and made an interesting discovery, most of the cyber attacks were originated in China.

“On July 16th, President Trump met with Vladimir Putin in Helsinki, Finland. As expected, attacks against Finland skyrocketed days before the meeting. What’s interesting this time around is that Russia wasn’t the top attacker—perhaps because Trump was meeting with Putin? In this case, China was the top attacker.” reports the security firm F5.

Experts observed many similarities between the attacks that were observed against the countries that hosted the two meeting.  Hackers targeted the same ports, including included SIP port 5060 typically used by VoIP systems  (#3 in Finland attacks, #1 in Singapore attacks), SQL port 1433 (#6 in Finland, #3 in Singapore), and Telnet port 23 (#3 in Finland, #9 in Singapore).

Most of the attacks targeted SSH port 22 which is typically used for the secure remote administration of Internet of Things (IoT) devices. Attackers scan for devices configured with default credentials to compromise them with brute force attacks.

The second most targeted port was the SMB port 445.

“The challenge is that the device credentials are typically vendor defaults and, as such, are routinely brute forced. The majority of the attacks against Finland surrounding the Trump-Putin meeting were brute force attacks. ” continues F5.

Experts noticed that some ports targeted by the attacks during the Trump-Putin meeting were not hit during the Singapore summit, for example, the HTTP port 80, MySQL port 3306, the alternate web server port 8090, often used for web cameras, and RDP port 3389.

Experts highlighted that Finland is not included in the list of top-targeted countries.

Which were the other top targeting countries during the Helsinki meeting?

The top targeting countries were

  1. China (29%);
  2. United States (14%);
  3. France (9%);
  4. Italy (8%);
  5. Russia (7%);

According to F5, ChinaNet was the top attacking network during the attack spike.

“If threat actors can follow anyone from an average citizen to a CIA agent, why not President Trump, or any member of his official entourage? They are perhaps the highest valued intelligence targets on the planet right now. Even allied state actors have an interest in gaining eyes or ears into any member of the Trump entourage,” F5 concludes.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – gaming, money laundering)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

3 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

10 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

21 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

This website uses cookies.