The Finnish Police attributed the March 2021 attack on the parliament to the China-linked group APT31. The Finnish authorities investigated multiple offenses, including aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of the secrecy of communications.
According to the police, the offences were committed between autumn 2020 and early 2021. The police immediately suspected the involvement of the China-linked cyberespionage group APT31 and now confirmed the attribution. The police announced that they had also identified one suspect.
The multi-year investigation revealed a complex criminal infrastructure used by the nation-state actors, explained the Head of Investigation, Detective Chief Inspector Aku Limnéll of the National Bureau of Investigation.
“The police have previously informed that they investigate the hacking group APT31’s connections with the incident. These connections have now been confirmed by the investigation, and the police have also identified one suspect.” reads the press release published by the Finnish Police.
The investigation relied on an international information exchange, the National Bureau of Investigation collaborated with international entities and the Finnish Security and Intelligence Service
This week, the US government announced sanctions against a pair of Chinese hackers (Zhao Guangzong and Ni Gaobin), alleged members of the China-linked APT31 group, who are responsible for âmalicious cyber operations targeting U.S. entities that operate within U.S. critical infrastructure sectors.â
The U.S. Treasury Department has sanctioned a tech company based in Wuhan, the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), used by the Chinese Ministry of State Security (MSS) as a front in attacks against organizations in the U.S. critical infrastructure sector.
UK, Australia and New Zealand are also accusing China-linked APT31 of cyber operations against UK institutions and parliamentarians.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs â hacking, APT31)