Finland confirms that hackers breached MPs’ emails accounts

The Parliament of Finland confirmed that threat actors had access to email accounts of multiple members of parliament (MPs).

“Parliament of Finland has been subjected to a cyberattack in the fall of 2020. The attack was discovered by parliament technical surveillance. Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs.” Parliament officials said.

“The cyberattack is being investigated by the National Bureau of Investigation. The investigation is supported by Parliament of Finland.” 

The attack took place in the fall of 2020, in the same period Russia-linked hackers accessed the emails and data of a small number of Norwegians parliamentary representatives and employees.

Foreign hackers broke into the internal IT system and accessed email accounts for some MPs.

The Finnish Central Criminal Police (KRP) is investigating the security breach with the support of the Parliament. 

According to KRP Commissioner Tero Muurman, the attack is likely part of a cyberespionage campaign carried out by nation-state actors, but it did not cause any damage to the Parliament’s infrastructure.

“At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland,” Muurman said.

“The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardizing the ongoing preliminary investigation. This case is exceptional in Finland, serious due to the quality of the target and unfortunate for the victims,”.

The KRP revealed it is investigating the incident with the support of international law enforcement and intelligence bodies.

“The breach has affected more than one person, but unfortunately we cannot provide the exact number without endangering the ongoing preliminary investigation,” Muurman said, adding that the nature of this investigation is unusual for Finnish authorities.

“This case is exceptional in Finland, with serious and unfortunate consequences for the victims,”

Parliament Speaker Anu Vehviläinen said that this incident is a serious attack on Finnish society and democracy.

“We cannot accept any kind of hostile cyber activity, whether carried out by a governmental or non-governmental body,” Vehviläinen said.

“In order to strengthen cyber security, we need our own national measures as well as active action at the EU level and in other international cooperation,” she added.

In October, the Norwegian police secret service (PST) blamed Russia-linked cyberespionage group APT28 for the cyber attack that targeted the email system of the country’s parliament in August.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Finland)

[adrotate banner=”5″]

[adrotate banner=”13″]