Finland implicates China-linked APT31 in parliament hack

It's only the latest case of alleged cyber-espionage to rock a Nordic parliament.
Environmental protesters outside of Finnish parliament in March 2019. Finnish officials have implicated a China-linked hacking group in a breach of the parliament. (VESA MOILANEN/AFP via Getty Images)

The Finnish government has blamed a group of suspected Chinese spies for hacking into the Finnish parliament last year and accessing emails.

In a statement Thursday, Finnish intelligence officials pointed the finger at APT31, a hacking group that security researchers say operates on behalf of Chinese interests. The intrusions began last fall and were revealed in December, when the speaker of the Finnish parliament described it as  “hostile cyber activity” that could harm Finnish interests.

The Finnish Security and Intelligence Service labeled it a state-backed operation. That statement said APT31 was responsible, but did not name China directly. Separately, Finnish police on Thursday describe the hacking as “aggravated espionage” and “message interception.”

The Finnish statements are part of a pattern of increased willingness of U.S. allies in Europe to blame specific hacking groups for spying campaigns. Viktor Rantala, a Finnish scholar, said it was the first time that he could recall that Finnish authorities had publicly attributed a cyber-intelligence operation to a specific group.


Cyber-espionage on legislative bodies is routine, as spies from various countries look to obtain government secrets. But some Finnish officials still reacted with outrage to the parliament hack.

Petteri Orpo, a member of Finnish parliament, said Thursday that hacking activity like the parliament breach “must be stopped” and called on Finland to “take appropriate action” to respond to the breaches, without elaborating.

China has taken a growing interest in Finland in recent years, with increasing investments from Chinese companies making Beijing one of the Nordic country’s top trading partners.

APT31 has been known to target organizations in the legal and consulting sectors, and to hide their tracks by using GitHub and Dropbox to store their computing tools, according to Dell-owned Secureworks. The group allegedly targeted the presidential campaign of Joe Biden last year.

The Chinese Embassy in Washington did not respond to a request for comment on Thursday on the allegations. Beijing often denies conducting hacking operations.


The Finnish breach is only the latest case of alleged cyber-espionage to rock a Nordic parliament. Norwegian officials in October accused Russian state-backed hackers of infiltrating Norway’s parliamentary IT systems and stealing data from emails. Moscow denied the allegation.

This also isn’t the only recent reported APT31 foray in Europe. German intelligence officials warned in January that the group had conducted reconnaissance against the networks of multiple German government agencies.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts