Finland Blames APT31 Hackers For Parliament Cyber Attack

Wajahat Raja

April 8, 2024 - TuxCare expert team

APT31, a Chinese threat actor group, has recently been accused by the Finnish police of attacking the nation’s parliament in 2020. According to recent reports, the attack is said to have occurred between the fall of 2020 and early 2021. Apart from the security breach itself, the attack also compromised the email accounts of Parliament members, as the APT31 hackers gained unauthorized access to them.

In this article, we’ll dive into the details of the attack and learn more about the allegations raised by Finland.

 

Uncovering APT31 Hackers 


Advanced Persistent Threat 31 is a group of state-sponsored intelligence officers, staff, and contract hackers in China. The group is known for engaging in hacking activities and conducting malicious cybercrime operations. They are known to have acted through a front company named Wuhan Xiaoruizhi Science and Technology Company (Wuhan XRZ) until 2024 and have been linked to China’s Ministry of State Security (MSS).

Reports have cited US government officials as shedding light on state-sponsored cyber attacks conducted by APT31. According to these reports, officials claim that APT31 hackers target foreign governments and policy experts as part of the MSS’s foreign intelligence and economic objectives. As of now, seven men, aged 34 to 38, are engaged in hacking activities in the US and are accused of supporting the MSS.

It’s also worth mentioning here that authorities in the US are offering rewards of up to $10 million for information on the APT31 hackers.


APT31 Hackers: Finland Parliament Cyber Attack 


The attack, for which responsibility is now being assigned to the APT31 hackers, was first disclosed in December 2020. At the time, the Finnish Security and Intelligence Service (Supo) described it as a state-backed espionage system that was designed to infiltrate the Parliament’s information system. Media reports claim that the police in Finland have commented on the attack by stating that:

“The police have previously informed that they are investigating the hacking group APT31’s connections with the incident. These connections have now been confirmed by the investigation, and the police have also identified one suspect.”


APT31’s History of Attacks 


The APT31 hackers’ attack on the Parliament of Finland is not a standalone event. The hacker group has a history of initiating state-sponsored cyberattacks. In 2020, a published Google report linked APT31 hackers to attacks on campaign staffers during the US Presidential Elections of that year. An excerpt from the report that sheds light on these attacks reads:

“One APT31 campaign was based on emailing links that would ultimately download malware hosted on GitHub. The malware was a Python-based implant using Dropbox for command and control. It would allow the attacker to upload and download files as well as execute arbitrary commands.”

In addition to this, there have been other spear-phishing attacks attributed to the APT31 hackers. These attacks targeted government officials and included: 

  • U.S. Senators.
  • Representatives.
  • White House employees.
  • Workers at the Departments of Justice, Commerce, Treasury, and State.

These attacks were facilitated by custom malware such as RAWDOOR, Trochilus RAT, and EvilOSX. The custom malware established a connection with the adversary-controlled servers. The APT31 hackers then used the connection to receive and execute commands on the targeted systems.  

In addition to governments and officials, the APT31 hackers are also known for targeting organizations in multiple sectors. Some of these sectors include information technology, telecommunication, finance, consulting, research, manufacturing, and more.  


China’s Response Amid Allegations From US, UK, And Finland


Just recently, both US and UK officials imposed sanctions and filed charges against the APT31 hackers. These nations, alongside Finland, have accused China of being the sponsor of such cyber espionage initiatives. Commenting on the Finland Parliament cyber attack, a statement from the police reads:

“The suspected offenses under investigation have been aggravated espionage, aggravated unlawful access to an information system, and aggravated violation of the secrecy of communications.” 

China, however, has rejected these accusations, pointing the finger toward the Five Eyes alliance for spreading misinformation. In addition, China’s Foreign Ministry Spokesperson has stated that: 

“We urge the U.S. and the U.K. to stop politicizing cybersecurity issues, stop smearing China and imposing unilateral sanctions on China, and stop cyber attacks against China. China will take necessary measures to firmly safeguard its lawful rights and interests.”


Conclusion 


Finland has recently joined the list of nations blaming the Chinese-backed APT31 hackers for an attack on its Parliament’s information system in 2020. The attack compromised the email accounts of several government officials. The APT31 hackers are known to leverage attack methods like spear-phishing and custom malware to carry out their malicious intent.

Given such online threats, implementing sophisticated cybersecurity solutions is essential, as they mitigate risk and increase online protection. 

The sources for this piece include articles in The Hacker News and Cybernews.
