Finland blames Chinese hacking group APT31 for cyberattack on Parliament

March 28, 2024 | Pressroom | Cyber espionage / Malware


Finnish police (also known as Poliisi) have formally charged a Chinese state actor identified as APT31 with orchestrating a cyberattack against the country’s Parliament in 2020.

The intrusion, according to authorities, is said to have occurred between the fall of 2020 and early 2021. The agency described the ongoing criminal investigation as challenging and time-consuming, involving an in-depth analysis of a “complex criminal infrastructure.”

The breach was first revealed in December 2020, when the Finnish Security and Intelligence Service (Supo) described it as a state-backed cyber espionage operation designed to penetrate Parliament’s information systems.


“The police have already informed that they are investigating the links of the APT31 hacking group to the incident,” Poliisi said. “These links have now been confirmed by investigations and police have also identified a suspect.”

APT31, also called Altaire, Bronze Vinewood, Judgment Panda, and Violet Typhoon (formerly Zirconium), is a state-backed Chinese group that has been active since at least 2010.

Earlier this week, the UK and US accused the adversary collective of engaging in a widespread cyber espionage campaign against companies, government officials, dissidents and politicians.

Seven agents associated with the group have been charged in the United States for their involvement in the hacking wave. Two of them – Ni Gaobin and Zhao Guangzong – were sanctioned by the two nations, along with a company called Wuhan XRZ, which allegedly served as a front to orchestrate cyberattacks against critical infrastructure.

“Guangzong is a Chinese national who conducted numerous malicious cyber operations against US victims as a contractor for Wuhan XRZ,” the US Treasury said. “Ni Gaobin assisted Zhao Guangzong in many of his most high-profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ.”


In July 2021, the United States and its allies implicated APT31 in a widespread campaign that exploited zero-day security flaws in Microsoft Exchange servers with the goal of possibly “acquiring personally identifiable information and intellectual property.”

China, however, has hit back at accusations that it was behind the hacking campaign against the West. It accused the Five Eyes (FVEY) alliance of spreading “disinformation about threats posed by so-called ‘Chinese hackers’.”

“We urge the United States and the United Kingdom to stop politicizing cybersecurity issues, to stop denigrating China and imposing unilateral sanctions on China, and to stop cyberattacks against China,” Chinese Ministry of Foreign Affairs spokesperson Lin Jian said. “China will take necessary measures to firmly safeguard its legitimate rights and interests.”
