Cyberattack on Finland Parliament Information System is the latest allegation of Chinese Espionage.
Earlier this week USA has sanctioned Chinese State Actors for hacking.
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on two operatives affiliated with APT31, Zhao Guangzong and Ni Gaobin, who served as contractors for Wuhan XRZ. This company, designated by OFAC, was utilized by the Chinese Ministry of State Security (MSS) as a front in cyber attacks on critical infrastructure within the U.S.
In a coordinated effort, the United Kingdom also sanctioned Wuhan XRZ and the two APT31 hackers. Their actions included breaching the GCHQ intelligence agency, targeting U.K. parliamentarians, and infiltrating the systems of the country’s Electoral Commission.
Later New zealand alleged China for doing the sponsored attacks in their country.
The Finnish Police, also known as Poliisi, has formally indicted a Chinese state-sponsored actor identified as APT31 for orchestrating a cyber assault on the country’s Parliament in 2020.
Authorities revealed that the intrusion took place between the fall of 2020 and early 2021. Describing the ongoing investigation as intricate and time-consuming, the agency emphasized the need for extensive analysis of a “complex criminal infrastructure.”
The breach initially came to light in December 2020, when the Finnish Security and Intelligence Service (Supo) characterized it as a state-supported cyber espionage operation aimed at infiltrating the Parliament’s information systems.
Poliisi stated, “The police have previously indicated that they are probing the connections of the hacking group APT31 with the incident. These connections have now been verified by the investigation, and the police have identified one suspect.”
APT31, also known as Altaire, Bronze Vinewood, Judgement Panda, and Violet Typhoon (formerly Zirconium), is a Chinese state-affiliated entity that has been operational since at least 2010.
Recently, both the U.K. and the U.S. attributed a widespread cyber espionage campaign to this adversarial collective, targeting businesses, government officials, dissidents, and politicians.
In the U.S., seven operatives linked to the group face charges for their involvement in the hacking spree. Notably, Ni Gaobin and Zhao Guangzong, along with a company named Wuhan XRZ, have been sanctioned by both nations for allegedly orchestrating cyber attacks against critical infrastructure.
“Guangzong, a Chinese national, has carried out numerous malicious cyber operations against U.S. targets as a contractor for Wuhan XRZ,” stated the U.S. Treasury. “Ni Gaobin assisted Zhao Guangzong in many of his most high-profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ.”
Furthermore, in July 2021, the U.S. and its allies implicated APT31 in an extensive campaign exploiting zero-day security flaws in Microsoft Exchange servers, likely aiming to acquire personally identifiable information and intellectual property.
In response to the accusations, China has refuted claims of its involvement in hacking campaigns targeting the West. It accused the Five Eyes (FVEY) alliance of disseminating “disinformation about the threats posed by the so-called ‘Chinese hackers.'”
China’s Foreign Ministry Spokesperson Lin Jian urged the U.S. and the U.K. to refrain from politicizing cybersecurity issues, stop smearing China, imposing unilateral sanctions, and conducting cyber attacks against China, stating that China will take necessary measures to safeguard its lawful rights and interests.
