Finland Says APT31 Behind the 2021 Parliament Breach


    The Finnish Police have officially confirmed that the APT31 hacking group, which has ties to the Chinese Ministry of State Security (MSS), was responsible for the breach of the Finnish parliament that was disclosed in March 2021.


    Following this revelation, a collaborative criminal investigation involving the Finnish Security and Intelligence Service and international partners has been launched to probe various suspected offenses, including aggravated espionage, violation of communication secrecy, and unauthorized access to the information systems of the Finnish Parliament.

    Detective Chief Inspector Aku Limnéll of the National Bureau of Investigation has described the ongoing investigation as revealing a “complex criminal infrastructure.”

    “It is suspected that the offences were committed between autumn 2020 and early 2021. The police have previously informed that they investigate the hacking group APT31’s connections with the incident,” the Finnish Police said. “These connections have now been confirmed by the investigation, and the police have also identified one suspect.”

    Three years ago, Finnish Parliament officials described the incident as a “state cyber-espionage operation” believed to be connected to the “APT31 operation.”

    The attackers were able to gain access to several parliament email accounts, including those belonging to Finnish Members of Parliament.

    OFAC Imposed Sanctions on APT31

    On Monday, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on two individuals, Zhao Guangzong and Ni Gaobin, who are associated with APT31.

    These individuals were working as contractors for Wuhan XRZ, a front company designated by OFAC, which the Chinese MSS used as a cover for carrying out critical infrastructure attacks in the United States.

    The United Kingdom also imposed sanctions on Wuhan XRZ and the two APT31 hackers. This action was taken in response to their involvement in breaching the GCHQ intelligence agency, targeting U.K. parliamentarians, and hacking into the systems of the country’s Electoral Commission.

    On the same day, the U.S. Justice Department filed charges against Zhao Guangzong, Ni Gaobin, and five other defendants, namely Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, and Xiong Wang.

    These individuals have been implicated in Wuhan XRZ operations for a period of at least 14 years.

    In addition, the U.S. State Department has announced rewards of up to $10 million for any information that can aid in locating and/or apprehending any of the seven Chinese MSS hackers associated with Wuhan XRZ and APT31.

    In July 2021, the United States, along with its allies such as NATO, the European Union, and the United Kingdom, publicly attributed the extensive Microsoft Exchange hacking campaign to the threat groups APT40 and APT31, both linked to the Chinese MSS.

    APT31, also known as Zirconium and Judgment Panda, has a history of engaging in information theft and espionage operations. They were also involved in the theft and unauthorized use of the EpMe NSA exploit several years prior to its public disclosure by the Shadow Brokers in April 2017.

    Four years ago, Microsoft detected APT31 carrying out attacks targeting high-profile individuals associated with Joe Biden’s presidential campaign. Around the same time, Google also identified the group’s activity, which targeted the personal email accounts of campaign staffers through credential phishing emails.
