Finland's Ministry of Defence Website Hit by DDoS Cyberattack

Introduction

Finland's Ministry of Defence website experienced a significant distributed denial-of-service (DDoS) cyberattack this week, leading to intermittent outages and restricted public access. The disruption, which began on Tuesday, was officially confirmed on Wednesday, September 24, 2025, by ministry spokesperson Riina Kauppila.

Attack Details and Impact

The cyberattack primarily targeted the Ministry of Defence's public website, overwhelming its servers with artificial traffic. This resulted in the site being temporarily disabled, causing intermittent outages and limiting access for users. The ministry initially reported the incident via its official account on the platform X. By 14:07 local time on Wednesday, the ministry announced that the attack had concluded. However, officials cautioned that ongoing protective measures might still lead to service interruptions for some users. It was emphasized that DDoS attacks are designed to disrupt service availability rather than to steal information or gain unauthorized access to internal systems. Other critical government websites, including those of the Foreign Ministry, Prime Minister's Office, and Parliament, remained unaffected by the incident.

Attribution and Ongoing Cyber Threats

While the initial confirmation from spokesperson Riina Kauppila stated that the source and motive of the attack remained unknown, a Russian-aligned hacker group, NoName 057(16), subsequently claimed responsibility. According to Juhani Eronen, a lead specialist at Finland's Cybersecurity Centre, NoName 057(16) has been actively targeting Finnish websites since Monday, with the attacks continuing for four consecutive days. Eronen characterized the group as a long-standing, volunteer-based entity that frequently seeks publicity for its actions and whose timing and target selection align with Russian interests. The group reportedly announced its attacks on platforms like Telegram, inviting activists to participate. This incident underscores a broader trend of increased cyber activity targeting public institutions in Finland and the Nordic region amidst heightened geopolitical tensions.

Response and Broader Context

Under Finnish law, denial-of-service attacks are considered criminal offenses. The Ministry of Defence did not immediately confirm whether a criminal report would be filed, though police routinely encourage government agencies to do so following such incidents. This cyberattack occurs in a period where Finland has been actively strengthening its cyber resilience and overall defense capabilities. The nation's Cyber Security Strategy was revised in 2024 to address a changed security environment, including the implications of Russia's full-scale invasion of Ukraine and and Finland's membership in NATO. Efforts to stabilize the website's operations are ongoing, though a timeline for full restoration has not yet been provided.