The Finnish government’s computer networks have been breached by malware for years, and it is possible secure communications have been compromised, the Finnish Ministry for Foreign Affairs confirmed Friday.
The malware was discovered in January but it was in place for years before being discovered, said Ari Uusikartano, director general of the Information and Documentation Division of the Ministry for Foreign Affairs of Finland. The government kept the breach secret until a Finnish TV station reported it on Thursday.
“My estimate is that it has been active about two or three years,” before it was discovered, said Uusikartano. There are indications that information with the lowest level security classification has been compromised, he said.
Immediately after the breach was discovered, the Finnish police started an investigation that is still ongoing, said Uusikartano.
All of Finland's secrets revealed
The malware used to spy on the Finnish government resembles malware used in a spying operation dubbed “Red October”, but it is more advanced than that, said Uusikartano. “That is why it was able to penetrate our defenses,” he said.
Red October is an espionage campaign that was uncovered by researchers from antivirus firm Kaspersky Lab in January. During that campaign, unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organizations from around the world, using highly customized and sophisticated data theft malware, according to Kaspersky.
“When we announced it, the Red October campaign was ongoing for at least 6 years, with thousands of modules being created and deployed to hundreds of high profile victims worldwide,” said Costin Raiu, director of Kasperky Lab’s global research and analysis team in an email on Friday.
It is possible that Red October was just one campaign from the same actor, and there could be others that haven’t been discovered yet, Raiu said.
Finnish media reported that Russian and Chinese intelligence organizations could be behind the attack, but the government spokesman maintained that the perpetrator is still unknown.
Kasperky’s analysis indicated that the Red October attackers were proficient in the Russian language, said Raiu, but he added that this does not have to mean that the attackers were Russian.
Besides Finland, other countries could be the victim of the same attack, said Uusikartano. “There are indications that this is not a strictly Finnish problem,” he said, adding that Finland has discussed this matter with several European countries. He declined to name the other countries. The matter has also been discussed in Brussels in European Union circles, he added.
While Kasperksy has no independent information on this specific incident in Finland, Raiu said that Red October infections were observed in many E.U. countries, including government organizations.
Since January, the number of Red October victims has been decreasing. Nevertheless, there are still victims in countries including Belgium, Romania, Croatia, the U.K., Estonia, Lithuania, Slovakia, the Netherlands and Germany, he said.