Between September 22 and 25, 2025, Finland experienced an unprecedented four-day distributed denial-of-service (DDoS) attack targeting critical government infrastructure. The assault disrupted official websites of all parliamentary parties, the Ministry of Defence, the Ministry of the Interior, the State Council, and the Supreme Court. According to the Finnish Transport and Communications Agency Traficom’s Cyber Security Centre, the operation was carried out by the pro-Russian hacker group NoName 057(16). The cyber campaign also inflicted damage on certain Ukrainian websites, signaling a coordinated regional threat.
Widespread impact on critical infrastructure across Europe
The Finnish attack followed a large-scale cyber incident on September 19–20, 2025, which targeted registration and boarding systems in multiple European airports, notably Berlin, Brussels, and London. Berlin’s airport continued to experience disruptions for days, with numerous flights delayed, rescheduled, or cancelled. European law enforcement agencies have noted a marked increase in such incidents in 2025, attributing them to sustained operations by pro-Russian actors focusing on governmental and critical infrastructure systems.
Patterns and methods of NoName 057(16) operations
Investigations reveal that NoName 057(16) routinely announces targets in advance, inviting other hackers to join their campaigns. This tactic magnifies impact and complicates attribution. Beyond DDoS attacks, Russian special services have been linked to sabotage tactics including arson of storage facilities, damage to undersea communication cables, GPS interference, and online recruitment of third-country nationals. Such operations are part of a wider hybrid warfare strategy aimed at undermining democratic stability in Europe.
European response and the “European shield of democracy” initiative
The European Union is developing a comprehensive countermeasure known as the “European shield of democracy”, designed to strengthen cyber resilience and counter hybrid threats, including disinformation campaigns and electoral interference. The initiative reflects recognition that such cyber campaigns are not isolated events, but part of a coordinated effort to destabilise democracies, erode institutional trust, and weaken support for Ukraine among EU and NATO members.
Strategic risks and future outlook
As cyberattacks against government and critical infrastructure intensify, European states are enhancing cooperation through both EU and NATO mechanisms. Analysts warn that without robust collective defence measures, hybrid threats will continue to pose significant risks to security, democratic processes, and transatlantic unity. This situation underscores the urgency of bolstering cyber defences and maintaining resilience in the face of evolving hybrid warfare.
Finland’s recent experience is a stark reminder that cyber threats are no longer confined to isolated incidents, but are a persistent element of modern geopolitical conflict.
