The group carried out two separate attacks on Finnish businesses in July, but their own websites have been down for weeks.
The recent prolonged inactivity of a cybercrime organization known as the LV Group suggests that it itself has been the target of a cyberattack, according to the head of data security firm Cyber Intelligence House.
LV’s inactivity caught the attention of cybersecurity experts and the CEO of Cyber Intelligence House, Mikko Niemelasaid he suspected the criminal group was itself the target of a denial of service (DoS) attack.
LV claimed responsibility for a recent attack on Finnish engineering firm Wärtsilä as well as an attack on Finnish news agency STT in late July.
However, the criminal group’s blog on the dark web’s Tor network has been down for weeks this month and the group’s inactivity has sparked interest from the data security community.
Niemelä said such attacks among criminals on the dark web are known to have happened before.
“The question is whether they are at war with each other or whether there is someone there who is against everyone, for example a new group. That is also possible,” said Niemelä told STT.
Mikko Hypponenresearch director at cybersecurity firm WithSecure, said he also noticed that LV’s data leak and payment websites had been down for several weeks.
Hyppönen said it’s possible the company was targeted by a DoS attack but couldn’t confirm that scenario.
“It’s quite possible, but then [the site] must have had a DoS attack for quite a long time – almost a month, or at least three weeks,” Hyppönen told STT.
Ransomware attacks in July
Websites targeted by DoS attacks are shut down by so much network traffic that they are unable to function properly.
Helsinki Police are investigating the attack on STT as an alleged data breach and disruption of data system crimes.
As the preliminary investigation is still ongoing, the Department’s Chief Superintendent of Detectives, Jukkapekka Risusaid there was nothing new to comment on the probe.
There is speculation that a competitor of LV may have targeted the criminal group, according to Cyber Intelligence House’s Niemelä.
Asked if the authorities played a role in shutting down LV’s dark websites, Niemelä said it was unlikely, as DoS attacks only cause temporary problems.
Meanwhile, Hyppönen said such a scenario could be possible, “but there is no information to indicate it”.
Senior Detective Superintendent Risu would not say whether authorities were behind the closure of the sites.