Trump / Putin Summit Was A Magnet For Hackers

Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation. President Donald Trump's recent meeting with Russian counterpart Vladmir Putin in Helsinki proved to be as much a magnet for cyber-attackers as his Singapore meeting with Korean leader Kim Jong-un in June.

As with the previous attacks, the ones in Finland appear to be mostly attempts to break into weakly protected Internet of things (IoT) devices to be used to spy on targets of interest in Finland. 

The main difference was that instead of the attacks mostly emanating from Russia, this time a majority of attacks came from networks in China.

F5 Networks, which was the first to report on the Singapore attacks in June, this week reported a similar big spike in malicious traffic directed at targets in Finland in the days leading to the Trump-Putin summit.

As in Singapore, the Finland attacks targeted ports and protocols used by IoT devices, such as SIP port 5060, which is associated with VoIP phones and videoconferencing systems, and SQL port 1433 and Telnet port 23, for remote administration of IoT devices. 

"Nation-states, spies, mercenaries, and others don't need to dress up as repairmen to plant bugs in rooms anymore," F5 Networks said in its report. "They can just hack into a room that has vulnerable IoT devices."

Researchers at F5 Networks also noted some differences among the attacks. SIP port 5060, for instance, was the top targeted port in the Singapore attacks, while in Finland it was SSH port 22, typically used for secure remote administration, followed by SMB port 445. 

"The ports being attacked are popular ports overall," says Sara Boddy, threat researcher at F5 Networks. "We expect to see attacks against 3306 and other popular database ports and data services like TCP/9200. 

“This is due to data being made public that should have remained private," she says. What is interesting is the different targeting by different threat actors. "Perhaps attackers coming out of Russia prefer SIP attacks, as we saw in Singapore, versus SSH attacks out of China, like we saw in Finland."

China was not the only country where attack traffic spiked during the Trump / Putin meeting in Helsinki. Italy and Germany also had noticeable spikes. 

In typical weeks, Italy and Germany rank 13th and 14th in the list of top-attacking countries in Finland. In the days preceding the meeting, the volume of attack traffic put them in the fourth and seventh spots, respectively, F5 Networks said. 
Attack traffic from the US dropped slightly from usual but was still enough to keep the country in second spot, behind China. Meanwhile, Russia-based threat actors hit the brakes somewhat in that period, dropping the country from its usual third most-attacking country status to fifth.

Given the timing and targeting, it is safe to assume that a combination of state-sponsored actors and other malicious threat actors are behind the attacks, Boddy says. "Everyone has a stake in the game, from adversaries wanting to spy, to friendlies that also want to know what's going on, to hacktivists who want a lead on a story," she said. 

Distant as such attacks might seem, businesses need to pay attention. The attacks highlight the importance for enterprises to secure all Internet-connected infrastructure from rack servers in a data center to security cameras, wireless access points, phone and video-conferencing systems, entertainment systems, HVAC systems, and vending machines, Boddy notes.

At a minimum, security means protecting remote administration to your devices or restricting them to a specified management network, always changing default vendor passwords, and staying properly patched, she says.

Dark Reading

You Might Also Read: 

Spies Hack Journalism:

Singapore: The Place To Launch Cyber Attacks From:

Trump Tells US Cyber Command To Get More Aggressive:      

 

« What A ‘Cyber 9/11’ Would Look Like
MoneyTaker Take Money From A Russian Bank »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Gamma

Gamma

Gamma is a leading provider of Unified Communications as a Service (UCaaS) into the UK, Dutch, Spanish and German business markets.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

Bericon Forensics

Bericon Forensics

Bericon is one of the longest established forensic science consultancies in the UK. Activities include computer and mobile phone forensics.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

NWN Carousel

NWN Carousel

NWN Carousel delivers AI-powered technology solutions for the modern workplace. From unified communications and intelligent infrastructure to robust cybersecurity.

ST Engineering Antycip

ST Engineering Antycip

ST Engineering Antycip (formerly Antycip Simulation) is Europe’s leading provider of professional grade COTS simulation software, projection & display systems, and related engineering services.

Birch Cline Cybersecurity

Birch Cline Cybersecurity

Birch Cline specializes in helping Local Government and Education agencies, as well as mid-market organizations, build and maintain successful cybersecurity programs.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Crygma

Crygma

CRYGMA Quantum-Resistant Cryptographic Machines, the new standard in data encryption.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).