Supo is the security and intelligence agency of Finland that handles national security matters, such as counter-intelligence and counter-terrorism, under the jurisdiction of the Interior Ministry. According to Supo, the state cyber-espionage operation APT31 might be responsible for the cyber attack on Finland’s Parliament last autumn.
Last year, the Security Police has identified a state cyber-espionage operation against Parliament, which tried to infiltrate Parliament’s information systems.
According to intelligence from the Security Police, this was the so-called APT31 operation.
What happened during the attack?
A cyber attack was aimed at Finland’s Parliament in the autumn of 2020. This specific attack was caught by the Parliament’s internal technical surveillance, and the breach was investigated by the National Bureau of Investigation (NBI).
The attack managed to compromise the security of several parliamentary email accounts, some of which belonging even to the MPs.
In a statement released March 18, the Detective Superintendent Tero Muurman of the NBI said that while the investigation into the cyber-attack was ongoing, police had “found some indications of possible perpetrators.”
We are investigating links to the APT31 group, but we will not disclose any details about the facts discovered as the criminal investigation is ongoing.
We have not excluded the possibility that the purpose of the attack was to gather intelligence to benefit a foreign state or to harm Finland’s interests.
This is an unfortunate situation for the victims and, given the nature of the institution attacked, the incident is exceptional in Finland.
However, globally speaking, it is not so unique as similar incidents are discovered worldwide every now and then.
Who is APT31?
APT31 is a China-backed hacking group involved in numerous operations related to information theft and espionage.
APT31 was observed last year by Microsoft when aiming attacks against international affairs community leaders associated with the Joe Biden Presidential campaign, but the APT31 criminal presence does not stop here, the organization was also spotted by Google while targeting “campaign staffers’ personal emails with credential phishing emails and emails containing tracking links.”
So far it’s not certain that the APT31 criminal group is behind this attack, therefore the NBI will work together with Supo in its investigation, as well as with a number of international bodies, in order to be certain regarding the attackers’ identity.