14:00 ET, 5 November 2013

Finland’s foreign minister announced that foreign intelligence agents had carried out large-scale cyber espionage into government communications.

The Finnish Ministry of Foreign Affair networks has been targeted in a cyber espionage operation lasting at least four years, the news has been reported by the Finnish commercial broadcaster MTV3.

Finland’s foreign minister Erkki Tuomioja confirmed the shocking news, a large hacking attack targeted the The Finnish Ministry of Foreign Affair networks:

“I can confirm there has been a severe and large hacking in the ministry’s data network,” “

There are indications that information with the lowest level security classification has been compromised, he said.

scs

He declined to comment on possible involvement of foreign governments, but MTV3 cited unidentified sources that indicated Chinese and Russian intelligence agents as responsible.

The cyber espionage was conducted with malware based attacks to spy on communications between Finland and the European Union, according first information on the investigation made public, the malicious code used by hackers has many similarities with Red October, but Ari Uusikartan, the director general of the information and documentation division at Finland’s Ministry for Foreign Affairs reported that the agent is more sophisticated than Red October.

Despite the news has reported only now, the data breach was uncovered in the first part of this year, the Finnish commercial broadcaster MTV3 confirmed that the malware was detected by a foreign reporting to CERT.FI. The Finnish government and the authorities are continuing the investigation and for this reason many details on it have not yet been disclosed.

Similarities with Red October

The cyber espionage campaign known as Red October, reported by Kaspersky Lab early 2013, hit computer networks of numerous government and  diplomatic agencies. Also in that case the cyber espionage campaign was started since 2007 and is still active, this circumstance suggests to security experts that the attack against Finland’s Ministry of Foreign Affairs could be a spin-off of the same group of hackers.

It is possible that a common actor was involved in both campaign, and probably in many other cyber attacks that haven’t been discovered yet.

Security experts investigated on Red October stated that exploits used in the attacks appear to have Chinese origins meanwhile the analysis of source code revealed the involvement of Russian-speaking individuals … Is Russia or China involved in the cyber espionage against Finland’s Ministry of Foreign Affairs?

Just for curiosity let’s remind that neighbor Estonia was victim of a powerful attack in 2007 that paralyzed the Internet network in the country, Estonia blamed Russian government for the cyber attack.

The two governments are principal suspects but in the cyberspace the attribution is quite difficult and investigators need further information, the Finnish Security Intelligence Service is investigating on the complicated case.

Probably Finland is just the first country on a long series of victims.

Pierluigi Paganini

(Security Affairs –Cyber espionage, Finland’s Ministry of Foreign Affairs)

rsa-logo