Finland has announced that in a recent attack against its national parliament, the email accounts belonging to its MPs were accessed without authorisation.

Although no official statement has linked the cyber strike to any known hacking groups, just a couple of months before the attack on Finland’s parliament was revealed, Russian threat operators with links to the state penetrated the government email system of another Scandinavian country.

A malicious raid on government communication systems

The public announcement released by the Finnish Parliament stated that a group of hackers had succeeded in gaining entry to the government’s internal systems for IT. During the network penetration, some Members of Parliament discovered that their government email accounts had been entered without permission.

While no exact time and date has been given for the system penetration, Finnish government officials have stated that the attack likely occurred at the end of 2020. The intrusion was uncovered and identified by members of the Finnish Parliament’s dedicated IT personnel. However, the country’s authorities have now taken charge of the incident, with a full investigation into the attack now underway headed by the Finnish Central Criminal Police (KRP).

A statement made officially by Tero Muurman, the KRP’s Commissioner, explained that the cyberattack against the Finnish Parliament caused no harm to the internal IT systems. He did add, however, that the incident was in no way accidental, and that the intrusion was purposeful.

The KRP commissioner also said that the government level security breach was presently being classified as a suspected act of espionage while under investigation. He commented:

“At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland. The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardising the ongoing preliminary investigation. This case is exceptional in Finland, serious due to the quality of the target and unfortunate for the victims.”

While no countries were named specifically or details given, Muurman also mentioned that during the investigation, the Finnish Central Crime Police had received international cooperation.

A similar strike against Norway

Although neither the Finnish Government nor its national law enforcement agency have alluded to such a connection, an incident with many similarities happened a few short months before in Norway. In the fall of 2020, the Norwegian Parliament disclosed that it had suffered a breach on its internal communication systems for email. Just like the attack on Finland, some Norwegian MP’s email accounts were invaded during the intrusion.

After many months of investigating a similar incident, the Norwegian police secret service (PST) confirmed that the intrusion was the work of a notorious gang of hackers called APT28, which possesses strong links to the GRU, the military intelligence service of Russia. Recent reports have indicated that APT28 has shown a growing interest in using brute force hacks aimed at email accounts.