According to a new statement issued today an attack on the Parliament of Finland last year that led to the compromise of the parliament’s email accounts was performed by Chinese nation-state hackers.
The last year’s attack had been detected by the Finnish Parliament’s security team and has been investigated by the Finnish National Bureau of Investigation (NBI), with assistance from the Security Police and the Central Criminal Police.
In that attack some parliament e-mail accounts may have been compromised, including those that belong to MPs, Parliament officials said at the time.
The investigation has progressed, and the authorities issued a statement today that reads:
“Last year, the Security Police has identified a state cyber-espionage operation against Parliament, which tried to infiltrate Parliament’s information systems. According to intelligence from the Security Police, this was the so-called APT31 operation.”
APT31 (also tracked as Zirconium and Judgment Panda) is a China-backed hacking group specialized on intellectual property theft and known for its high-profile attacks on various private and governmental organizations. It’s largely attributed to the Chinese government.
Last year, Microsoft observed APT31 attacking international affairs community leaders and targeting Joe Biden’s presidential campaign.
No further details regarding the attack will be disclosed while the investigation is still ongoing, the Police said.
In August 2020, Norway reported a strikingly similar incident in which several email accounts belonging to Norwegian Parliament members were hijacked. Later Norway’s Minister of Foreign Affairs revealed that the attack was coordinated by Russian state hackers who managed to steal email accounts’ data. While the Norwegian Police Security Service stated that it was the Russian state-sponsored APT28 behind the hack.
And previously, in 2015, there was an attack on the German Federal Parliament (Deutscher Bundestag) that led to the hacking of several parliament members’ email accounts and later to sanctions against multiple APT28 members imposed by the Council of the European Union.
The US Cyber Command confirmed Russia’s involvement in multiple attacks on EU institutions and governments and shared malware implants used by Russian hacking groups.