According to information released by the United States, the APT31 hacker group connected to China has also attacked European politicians. The group’s activities are also the fault of the Central Criminal Police.
The data breach targeting the Finnish parliament may be related to the information published this week about cyber attacks targeting Western countries, experts in the information security industry estimate.
Yesterday, the Central Criminal Police informed about the preliminary investigation of the data breach targeting the parliament in 2020–2021, in which the police have been able to identify one suspect of the crime. According to the police, the suspected connection to the APT31 hacker group has been confirmed during the preliminary investigation. The group is linked to the Chinese state.
From the beginning of the week, the US Department of Justice made wide-ranging charges public, which target seven people connected to the same APT31 hacker group. According to the indictment, Chinese hackers are suspected of widespread online attacks not only against US companies and administration, but also against politicians of EU member states, among other things.
According to the indictment, for example, politicians from EU countries and Great Britain belonging to the inter-parliamentary organization IPAC (Inter-Parliamentary Alliance on China), which is critical of China, have been targeted by Chinese hackers. Finnish politicians are not involved in the organization’s activities.
Director of research at the information security company Withsecure Mikko Hyppönen considers it possible that there is a connection between the information published in the United States and the parliamentary data breach investigation.
– It is completely possible. I find the information in the indictment very interesting. In addition to the group’s activities, US counterintelligence has succeeded in finding out directly which individuals in China have been involved in this, Hyppönen says.
Head of the Cyber Security Center Janne Allonen is on the same lines.
– I don’t doubt for a moment that KRP would cooperate closely with international partners in this matter, says Allonen.
The hacker group aims to collect information on the decision-making of states
The Central Criminal Police has given very little information about its own investigation, but according to yesterday’s press release, KRP cooperates not only with international actors but also with the protection police responsible for counterintelligence in Finland.
According to Hyppönen, the APT31 group will be connected directly to the Chinese state security unit. It is an espionage-related group that has collected information from both companies and governments around the world.
– APT31 has used attacks specifically to collect information, for example by attacking the systems of defense equipment manufacturers. In Finland, the parliamentary system is a pretty good example of an attack that aims to collect information related to state decision-making, Hyppönen says.
According to Hyppönen, the group is best known for trying to hide the traces of attacks by recycling network connections through home users’ routers. The attackers have therefore taken over the box that is used to distribute network connections to all devices in the home.
– Apparently, the attack comes from the home of an innocent home user, although in reality the attack comes from mainland China, Hyppönen explains.
According to Hyppönen’s understanding, APT31 operates from the city of Wuhan. Wuhan is also known as the starting point of the coronavirus pandemic.
According to Cyber Security Center Allonen, in addition to the investigation into the data breach of the parliament, no other operations have been identified in Finland that the APT31 group is suspected to be involved in, but the possibility of the group’s other activities in Finland cannot be ruled out.
Hyppönen: Disclosure of information serves as a good deterrent
The international media has had time get up already don’t that one can read about espionage attempts against European politicians on the website of the US Department of Justice.
Hyppönen estimates that this indicates either that US counterintelligence is much more effective than elsewhere, or that the intelligence services of other countries do not want to publish the results of their own investigations.
In Hyppönen’s opinion, caught government hackers should be told openly, even though suspects under the protection of states such as Russia or China are unlikely to ever be held accountable for their actions.
– In my opinion, this is a very effective way to report when a cybercriminal or a hacker related to government activities has been caught. When the name and information are made public, this acts as a deterrent to other potential attackers and concretely prevents at least this individual person from traveling outside their own country after that, says Hyppönen.
The protection police has also brought up the intelligence aimed at Finland by China.
According to Supo China is targeting Finland with personal intelligence and cyber espionage, the purpose of which is to obtain information on foreign policy views and technological product development.
According to supo, the export restrictions on semiconductor technology imposed by the United States on China also increase China’s need to acquire information through cyber espionage.
The video below shows how Finland prepares to fight against cyber attacks: