APT31 Fingered for Cyber-Attack on Finnish Parliament

Written by

An advanced persistent threat group (APT) with links to the Chinese government has been blamed for a cyber-espionage attack on Finland's parliament. 

The Finnish Security and Intelligence Service (Supo) announced on Thursday that APT31 was behind a cyber-espionage campaign that targeted the Finnish parliament last fall

Security companies including Checkpoint and FireEye have linked APT31's activities with the state cyber-operations of the People's Republic of China. 

"Supo identified a state-run cyber espionage operation targeted last year against the parliament with the aim of intruding into its IT systems," stated the service. "According to Supo intelligence, APT31 was responsible for the attack."

A number of parliamentary email accounts were compromised in the attack, which was detected by the legislature’s internal technical surveillance. The National Bureau of Investigation (NBI) said at the time that some accounts belonging to MPs were impacted.

In a statement released March 18, the NBI said that while the investigation into the cyber-attack was ongoing, police had "found some indications of possible perpetrators."

"We are investigating links to the APT31 group, but we will not disclose any details about the facts discovered as the criminal investigation is ongoing," said Detective Superintendent Tero Muurman of the NBI.

Muurman said that the motive of the attack was still being determined. 

"We have not excluded the possibility that the purpose of the attack was to gather intelligence to benefit a foreign state or to harm Finland's interests," he said.

Muurman added that while the attack was a big deal on a national scale, when contemplated from an international perspective, it was not unusual. 

"This is an unfortunate situation for the victims and, given the nature of the institution attacked, the incident is exceptional in Finland," said Muurman. 

"However, globally speaking, it is not so unique as similar incidents are discovered worldwide every now and then."

Since the attack, Supo said that the parliament has taken steps to improve its information security. 

Speaker of Parliament Anu Vehviläinen (Cen) said: "When the suspected crimes in an investigation are aggravated espionage, aggravated burglary, and aggravated breach of confidentiality, everyone understands how serious the matter is."

What’s hot on Infosecurity Magazine?