Police and Parliament Say the Incident Happened Earlier This Year
Finnish police and parliament officials are investigating a security incident that happened earlier this year in which attackers gained access to internal IT networks and appear to have compromised lawmakers’ email accounts.
The strike appears to have taken place sometime during the fall and was discovered earlier this month, according to the Finnish Central Criminal Police. Currently, law enforcement officials believe this intrusion is an act of espionage.
“The act is not accidental. At this stage, one alternative is that unknown [actors] have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland,” says Tero Muurman, the crime commissioner from the Finnish Central Criminal Police.
Anu Vehviläinen, the speaker of Finland’s parliament, notes that during the investigation of the incident, authorities found that some parliamentary email accounts were compromised, including accounts that belonged to elected lawmakers, or MPs.
Vehviläinen called this a serious attack on the country’s democracy.
“We must make every effort to ensure a high level of security in both the public and private sectors. In order to strengthen cybersecurity, we need our own national measures as well as active action at EU level and other international cooperation,” Vehviläinen says.
Finnish police did not attribute the attack to a specific group or nation-state and did not say when the investigation would be complete.
This incident is the second attack against a Nordic legislative body this year.
Earlier this month, Norwegian officials announced that they believe the Russian-linked hacking group known as APT28, or Fancy Bear, was responsible for a campaign discovered in August, in which the email accounts of some elected officials and government employees were compromised (see: Norway Says Russia-Linked APT28 Hacked Parliament).
Norway’s Parliament, known as the Storting, notes that the investigation determined the threat actors used brute-force tactics to obtain valid email credentials. The investigation also revealed that the threat actors were successful in extracting sensitive content from some of the affected email accounts.
In May, German prosecutors concluded that APT28 was responsible for the 2015 cyberattack against Germany’s parliament, which resulted in the theft of thousands of emails (see: Russian a Suspect in German Parliament Hack: Report).
In October, the European Union issued sanctions against two Russian nationals who are suspected of being members of APT28 and who carried out the attack of Germany’s lower house of parliament, or Bundestag, in 2015. The sanctions included asset freezes and travel bans, and EU businesses are now forbidden to conduct business with these suspects (see: EU Sanctions 2 Russians for German Parliament Hack).
Analysts and security researchers have previously linked APT28 to Russia’s Main Intelligence Directorate, commonly referred to as the GRU, which serves as the military intelligence division of Russia’s armed forces. APT28 is also associated with Russia’s 85th Main Special Service Center, or GTsSS, which is also known as Military Unit 26165.
While both Norway and Germany have blamed Russian-linked hackers for these hacking incidents, Russia has denied any involvement.