Finland’s security services identify China-linked cyber-spying agent in Finnish Parliament hack

Finnish parliament votes on the government’s nuclear building proposal in Helsinki July 1, 2010. (Mikko Stig/Lehtikuva/REUTERS)
The Finnish Security and Intelligence Service (Supo) has identified a cyber espionage operation as being behind a cyber-attack on Finland’s Parliament last autumn. Some data security firms have linked the operation to the Chinese state.

In a press release on Thursday, the agency said that 2020 was a year of “exceptionally intensive cyber espionage operations both in Finland and elsewhere in Europe,” which included the attempt to infiltrate Parliament’s IT systems.

The National Bureau of Investigation (NBI) said at the time that the attack was detected by the legislature’s internal technical surveillance and the security of a number of parliamentary email accounts was compromised, some of which belonged to MPs.

The NBI announced via a press release on Thursday that the matter is being investigated as a suspected aggravated computer break-in, aggravated espionage, and aggravated message interception.

In its own statement, Supo said that the state cyber espionage operation APT31 was responsible for the attack.

APT31 has previously been linked to China’s state cyber operations, for example by security companies such as Checkpoint (external link) and FireEye (external link).

The NBI added that some indications of possible perpetrators were discovered during the analysis of material collected during the criminal investigation.

“We are investigating links to the APT31 group, but we will not disclose any details about the facts discovered as the criminal investigation is ongoing,” Detective Superintendent Tero Muurman of the NBI said. “The motive is under investigation. We have not excluded the possibility that the purpose of the attack was to gather intelligence to benefit a foreign state or to harm Finland’s interests.”

Speaker of Parliament Anu Vehviläinen (Cen) said on Thursday that she considered it important that such a serious attack on Parliament had been traced.

“When the suspected crimes in an investigation are aggravated espionage, aggravated burglary, and aggravated breach of confidentiality, everyone understands how serious the matter is. Such activities are always an attack on our democracy and on Finnish society,” Vehviläinen said.

Breach triggered extensive investigation

When a possible data breach was first suspected, Supo provided information to Parliament, on the basis of which the Parliament’s IT administration could identify possible further hacking attempts.

Parliament acted in accordance with the instructions it received and further strengthened its information security, Supo said.

Supo also provided information to the National Cyber Security Centre Finland (NCSC-FI) so that it could improve its own monitoring capabilities.

When Parliament’s own technical report revealed that the IT systems had been breached, Supo assessed that the constituent elements of an aggravated offence were met and reported the case to the NBI.

Related stories from around the North:

Canada: Russian hypersonic ‘Dagger’ demands rethink of North American defences, experts say, Eye on the Arctic

Finland: US missiles: Finnish, Russian presidents call for dialogue at Helsinki meeting, Yle News

Iceland: Iceland & UK sign agreement to boost security, defence cooperation, Eye on the Arctic

Norway: Norway absent from massive US-led multinational drill in Europe next year, The Independent Barents Observer

Russia: Russia’s top general indirectly confirms Arctic deployment of Kinzhal missile, The Independent Barents Observer

Sweden: Swedish Security Police: Increasing threat against Sweden, Radio Sweden

United States: NORAD modernization to dominate agenda of Canada-U.S. defence relations, experts say, Eye on the Arctic

Yle News

For more news from Finland visit Yle News.

Do you want to report an error or a typo? Click here!

Leave a Reply

Note: By submitting your comments, you acknowledge that Radio Canada International has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Radio Canada International does not endorse any of the views posted. Your comments will be pre-moderated and published if they meet netiquette guidelines.
Netiquette »

Your email address will not be published.