The group carried out two separate attacks on Finnish companies in July, but their own websites have been down for weeks.
The recent prolonged inactivity of a cybercrime organization known as the LV Group suggests it was itself the target of a cyberattack, according to the head of data security firm Cyber Intelligence House.
LV’s inactivity has caught the attention of cybersecurity experts and the CEO of Cyber Intelligence House, Mikko Niemeläsaid he suspects the criminal group itself was the target of a denial of service (DoS) attack.
LV claimed responsibility for a recent attack on the Finnish engineering firm Wärtsilä and an attack on the Finnish news agency STT in late July.
However, the criminal group’s blog site on the Tor network of the dark web has been offline for weeks this month, and the group’s inactivity has sparked interest within the data security community.
Niemelä said such attacks among criminals on the dark web are known to have taken place before.
“The question is whether they are at war with each other or whether there is someone who is against everyone, for example a new group. That is also possible,” Niemelä tells STT.
Mikko Hypponendirector of research at cybersecurity firm WithSecure, said he also noticed that LV’s data breach and payment websites have been down for several weeks.
Hyppönen said it is possible that the company was the target of a DoS attack, but cannot confirm that scenario.
“It is quite possible, but then [the site] must have been under a DoS attack for quite some time – almost a month, or at least three weeks,” Hyppönen told STT.
Ransomware attacks in July
Websites that are the target of DoS attacks are shut down by such large amounts of network traffic that they cannot function properly.
Helsinki Police are investigating the attack on STT as a suspected data breach and disruption of data system crime.
As the preliminary investigation is still ongoing, the department’s chief inspector, Jukkaka Risusaid there was nothing new to report about the probe.
According to Niemelä of Cyber Intelligence House, there is speculation that an LV competitor could have been targeted by the criminal group.
When asked about the possibility that authorities played a role in bringing down LV’s dark websites, Niemelä said it was unlikely, as DoS attacks only cause temporary problems.
Meanwhile, Hyppönen said such a scenario could be possible, “but there is no information to indicate that.”
Senior Detective Risu declined to comment on whether the authorities were behind the closure of the sites.