Finnish authorities said they had traced a cyber attack against the country's parliament last year to a hacker group linked to the Chinese government. The breach took place in December 2020 and led to the compromise of some parliament e-mail accounts, including those belonging to the country’s MPs.
The attack was detected by the Finnish Parliament's security team and is being investigated by the Finnish National Bureau of Investigation (NBI), with the help of the Security Police and the Central Criminal Police. According to intelligence from the Security Police, the malicious actor behind the incident is believed to be the cyber-espionage group known as APT31, Zirconium, Judgement Panda, or Bronze Vinewood, previously linked by security researchers to China.
“We are investigating links to the APT31 group, but we will not disclose any details about the facts discovered as the criminal investigation is ongoing. The motive is under investigation. We have not excluded the possibility that the purpose of the attack was to gather intelligence to benefit a foreign state or to harm Finland's interests,” said Detective Superintendent Tero Muurman of the NBI.
The cybersecurity firm FireEye describes APT31 as “a China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.” The malware associated with the group includes the Sogu backdoor and the Luckybird, Slowgyro, and Duckfat malware.