Finland says government communications hacked

It is likely that other European countries have been breached too, the Finnish foreign ministry said

The Finnish government's computer networks have been breached by malware for years, and it is possible secure communications have been compromised, the Finnish Ministry for Foreign Affairs confirmed Friday.

The malware was discovered in January but it was in place for years before being discovered, said Ari Uusikartano, director general of the Information and Documentation Division of the Ministry for Foreign Affairs of Finland. The government kept the breach secret until a Finnish TV station reported it on Thursday.

"My estimate is that it has been active about two or three years," before it was discovered, said Uusikartano. There are indications that information with the lowest level security classification has been compromised, he said.

Immediately after the breach was discovered, the Finnish police started an investigation that is still ongoing, said Uusikartano.

The malware used to spy on the Finnish government resembles malware used in a spying operation dubbed "Red October", but it is more advanced than that, said Uusikartano. "That is why it was able to penetrate our defenses," he said.

Red October is an espionage campaign that was uncovered by researchers from antivirus firm Kaspersky Lab in January. During that campaign, unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world, using highly customized and sophisticated data theft malware, according to Kaspersky.

"When we announced it, the Red October campaign was ongoing for at least 6 years, with thousands of modules being created and deployed to hundreds of high profile victims worldwide," said Costin Raiu, director of Kaspersky Lab's global research and analysis team, in an email on Friday.

It is possible that Red October was just one campaign from the same actor, and there could be others that haven't been discovered yet, Raiu said.

Finnish media reported that Russian and Chinese intelligence organizations could be behind the attack, but the government spokesman maintained that the perpetrator is still unknown.

Kaspersky's analysis indicated that the Red October attackers were proficient in the Russian language, said Raiu, but he added that this does not have to mean that the attackers were Russian.

Besides Finland, other countries could be victims of the same attack, said Uusikartano. "There are indications that this is not a strictly Finnish problem," he said, adding that Finland has discussed this matter with several European countries. He declined to name the other countries. The matter has also been discussed in Brussels in European Union circles, he added.

While Kaspersky has no independent information on this specific incident in Finland, Raiu said that Red October infections were observed in many E.U. countries, including government organizations.

Since January, the number of Red October victims has been decreasing. Nevertheless, there are still victims in countries including Belgium, Romania, Croatia, the U.K., Estonia, Lithuania, Slovakia, the Netherlands and Germany, he said.
