Finnish officials formally blamed today a group of Chinese state-sponsored hackers known as APT31 for a cyber-attack that breached the Finnish Parliament’s internal IT systems last year.
The attack, which took place in the fall of 2020, also resulted in attackers gaining access to the email accounts of some members of Parliament, officials said in December 2020, when they discovered and publicly disclosed the intrusion.
Today, both the Finnish Central Criminal Police (KRP) and the Finnish Security Intelligence Service (SUPO) have released formal statements linking the attack to a hacking group tracked by security firms under the monickers of APT31, Zirconium, Judgement Panda, or Bronze Vinewood.
Officials said they reached their conclusion after studying materials gathered following the hack and in cooperation with partners abroad.
APT31 has a long history of hacking governments
According to FireEye, the security vendor that named APT31, the group is “a China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.”
Active since the early 2010s, the group has targeted multiple sectors, including government entities, which appear to be its primary targets.
A Google report published in October 2020 also linked APT31 to attacks against campaign staffers during the 2020 US Presidential Election.
But in cybersecurity circles, today’s announcement has surprised some experts who were expecting the attack to be linked to Russia.
The reason is that Norway disclosed a similar security breach of its Parliament’s IT network in the fall of 2020. Officials later attributed the hack to Russian state-sponsored hacking group APT28, which has had a long history of targeting the Baltic and Scandinavian regions to scout for information that could be useful in Russian’s foreign policies.