Security Experts:

Nordic Countries an Attractive Target for APT Groups, Cybercriminals: FireEye

FireEye has released a report detailing the cyber threats targeting various sectors in Europe’s Nordic countries.

Government transparency, innovations in fields like renewable energy and healthcare, and rich natural resources make Denmark, Finland, Iceland, Norway, and Sweden a tempting target for malicious actors, the security firm said.

On one hand, Nordic governments and industries are attacked by state-sponsored groups that are after state secrets, personal and financial information, and intellectual property that can benefit their own government. Advanced persistent threat (APT) groups could also target countries in this region if there is tension or a conflict between a country and the government that sponsors the attackers.

Public and private sector companies in Denmark, Finland, Iceland, Sweden and Norway are also often targeted by cybercriminals looking to make a profit from stolen data, FireEye noted in its report.

Data collected from FireEye’s customers in the region shows that the highest number of APT and malware alerts are in Norway (47%), followed by Denmark (36%), Sweden (14%), and Finland (3%).

njRAT, XtremeRAT, and Gh0stRAT are the most prevalent threats detected in APT attacks. Such campaigns have targeted sectors such as chemical, manufacturing, mining, education, energy and utilities, high-tech, financial services, services consulting, and telecom.

FireEye says it has investigated several economic espionage operations launched by APT actors sponsored by nation states such as Russia and China. Experts believe sophisticated threat groups could be particularly interested in sectors such as aerospace and defense, energy, health and pharmaceuticals, and shipping.

“These threat actors often target their victims’ most sensitive information, including executive emails, financial data, and intellectual property. They probably hand the data over to support the sponsor government’s economic, military, and political goals,” researchers said. “Governments can use this information to boost domestic industries. By stealing foreign competitors’ goods and technologies, they can undercut competing suppliers on the global market and gain the upper hand in negotiations with foreign counterparts.”

Nonprofits, minority groups, media and other organizations that promote free speech and transparency are also vulnerable. It’s not uncommon for state-sponsored groups to attack such organizations over controversial or sensitive issues. An example provided by FireEye is the 2012 DDoS attacks launched allegedly by the Russian government against a controversial Chechen news site hosted by a Swedish company. A different example involves the defacement of roughly 1,000 Danish websites by hacktivist protesting against a local newspaper’s cartoon depiction of the prophet Muhammad.

Actors sponsored by Russia and China are believed to be after the political and military secrets of Nordic countries. The security firm said it spotted a China-based APT group in March 2015 trying to collect military and diplomatic intelligence from security and defense organizations. Notorious APT actors such as Red October and APT28 are also known to have targeted such information in the region.

Experts have also pointed out that espionage is not the only concern. The energy industry, for instance, can be targeted by malicious actors whose goal is to cause damage. As a top energy supplier for the European Union, Norway is a likely target, FireEye noted.

Finally, the report covers the activities of well organizer cybercrime groups that steal personal and healthcare information which they can use for identity theft, to withdraw funds from bank accounts, and make fraudulent purchases. They also sell the stolen information on underground markets.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.