Finland’s foreign minister announced that foreign intelligence agents had carried out large-scale cyber espionage into government communications.
The Finnish Ministry of Foreign Affair networks has been targeted in a cyber espionage operation lasting at least four years, the news has been reported by the Finnish commercial broadcaster MTV3.
Finland’s foreign minister Erkki Tuomioja confirmed the shocking news, a large hacking attack targeted the The Finnish Ministry of Foreign Affair networks:
“I can confirm there has been a severe and large hacking in the ministry’s data network,” “
There are indications that information with the lowest level security classification has been compromised, he said.”
He declined to comment on possible involvement of foreign governments, but MTV3 cited unidentified sources that indicated Chinese and Russian intelligence agents as responsible.
The cyber espionage was conducted with malware based attacks to spy on communications between Finland and the European Union, according first information on the investigation made public, the malicious code used by hackers has many similarities with Red October, but Ari Uusikartan, the director general of the information and documentation division at Finland’s Ministry for Foreign Affairs reported that the agent is more sophisticated than Red October.
Despite the news has reported only now, the data breach was uncovered in the first part of this year, the Finnish commercial broadcaster MTV3 confirmed that the malware was detected by a foreign reporting to CERT.FI. The Finnish government and the authorities are continuing the investigation and for this reason many details on it have not yet been disclosed.
The cyber espionage campaign known as Red October, reported by Kaspersky Lab early 2013, hit computer networks of numerous government and diplomatic agencies. Also in that case the cyber espionage campaign was started since 2007 and is still active, this circumstance suggests to security experts that the attack against Finland’s Ministry of Foreign Affairs could be a spin-off of the same group of hackers.
It is possible that a common actor was involved in both campaign, and probably in many other cyber attacks that haven’t been discovered yet.
Security experts investigated on Red October stated that exploits used in the attacks appear to have Chinese origins meanwhile the analysis of source code revealed the involvement of Russian-speaking individuals … Is Russia or China involved in the cyber espionage against Finland’s Ministry of Foreign Affairs?
Just for curiosity let’s remind that neighbor Estonia was victim of a powerful attack in 2007 that paralyzed the Internet network in the country, Estonia blamed Russian government for the cyber attack.
The two governments are principal suspects but in the cyberspace the attribution is quite difficult and investigators need further information, the Finnish Security Intelligence Service is investigating on the complicated case.
Probably Finland is just the first country on a long series of victims.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.