Sweden, Finland partner to take down Sipulitie criminal marketplace


An online haven for the sale of narcotics and other criminal goods in Scandinavia was shut down and had its servers seized by law enforcement agencies in Sweden and Finland.

Launched in February 2023 on the Tor network, the Sipulitie marketplace originally focused on Finland before expanding to cover other Scandinavian countries. A predecessor was created in April 2019 but was shut down by Finnish Customs and Polish authorities in December 2020.

Finnish authorities said their investigation revealed the identity of the administrator of both sites as well as other people who served as moderators and customer service agents. Police agencies were also able to identify people who sold and bought things on the platform. 

Finnish Customs said it worked with Swedish Police, Europol and police units in Finland, adding that their investigation is ongoing. Officials did not say if the takedown involved arrests, but network servers for the platform were seized and the Tor website was shut down. 

The administrator of the platform, who was not named, was seen boasting that the site generated more than €1.3 million (about $1.4 million) throughout its time in operation, according to Finnish Customs. Users conducted sales in both Finnish and English.

Hannu Sinkkonen, director of enforcement at Finnish Customs, said the takedown was one of several his agency has conducted. 

“Over the years, we at Finnish Customs have intervened effectively using many different methods in the criminal activities taking place on the dark web,” Sinkkonen said.

Bitdefender Chief Security Strategist Alex Cosoi told Recorded Future News that their researchers provided Finnish Customs with information to aid their investigation into the platform. 

Cosoi said they also assisted with the 2020 takedown of Sipulitie’s predecessor. He explained that the operation should serve as “a message to criminals who believe the dark web covers their actions and guarantees their anonymity.”

“If they become the target of an international effort, they can’t hide,” he said. 

Last year, Finnish authorities worked with Europol to take down another dark web marketplace called PIILOPUOTI. 

The platform also operated on the Tor network, allowing people to smuggle and sell drugs as well as drug paraphernalia into Finland, according to a statement from Finnish Customs.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
