Finnish police, also known as Poliisi, have formally charged a Chinese nation-state group traced as APT31 with planning cyber attacks against the country’s parliament in 2020.
The intrusion allegedly occurred between the fall of 2020 and early 2021, according to authorities. The agency said the ongoing criminal investigation is laborious and time-consuming, involving extensive analysis of “complex criminal infrastructure.”
The vulnerability was first disclosed in December 2020, with the Finnish Security and Intelligence Service (Supo) describing it as a state-sponsored cyber espionage operation aimed at penetrating parliament’s information systems.
“The police have previously informed that they are investigating the relationship between the hacker group APT31 and this incident,” Poliisi said. “These connections have now been confirmed by the investigation and the police have also identified a suspect.”
APT31, also known as Altaire, Bronze Vinewood, Judgment Panda, and Violet Typhoon (formerly Zirconia), is a Chinese government-backed group that has been active since at least 2010.
Earlier this week, Britain and the United States accused the rival group of conducting a wide-ranging cyber espionage campaign targeting businesses, government officials, dissidents and politicians.
Seven agents linked to the group have been charged in the United States for their role in the hacking campaign. Two of them – Ni Gaobin and Zhao Guangzong – were sanctioned by both countries, along with a company called Wuhan Xinruizhong, which allegedly acted as a front for orchestrating cyberattacks against critical infrastructure.
“Guangzong is a Chinese citizen who, as a contractor for the Wuhan high-speed rail project, conducted multiple malicious cyber operations against American victims,” the U.S. Treasury Department said. “Ni Gaobin assisted Zhao Guangzong in many of the most high-profile malicious operations.” Internet activities, and Zhao Guangzong is a contractor of Wuhan XRZ.”
In July 2021, the United States and its allies accused APT31 of participating in a widespread campaign to exploit zero-day security vulnerabilities in Microsoft Exchange servers, with the possible goal of “obtaining personally identifiable information and intellectual property.”
However, China has pushed back against accusations that it supports hacking campaigns targeting the West. It accused the Five Eyes alliance of spreading “disinformation about the threat posed by so-called ‘Chinese hackers'”.
Chinese Foreign Ministry spokesperson Lin Jian said that we urge the United States and the United Kingdom to stop politicizing cyber security issues, stop smearing China and imposing unilateral sanctions on China, and stop cyber attacks against China. China will take necessary measures to resolutely safeguard its legitimate rights and interests.
