Mar 28, 2024NewsroomCyber Espionage / Malware

The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber attack targeting the country’s Parliament in 2020.

The intrusion, per the authorities, is said to have occurred between fall 2020 and early 2021. The agency described the ongoing criminal probe as both demanding and time-consuming, involving extensive analysis of a “complex criminal infrastructure.”

The breach was first disclosed in December 2020, with the Finnish Security and Intelligence Service (Supo) describing it as a state-backed cyber espionage operation designed to penetrate the Parliament’s information systems.

“The police have previously informed that they are investigating the hacking group APT31’s connections with the incident,” Poliisi said. “These connections have now been confirmed by the investigation, and the police have also identified one suspect.”

APT31, also called Altaire, Bronze Vinewood, Judgement Panda, and Violet Typhoon (formerly Zirconium), is a Chinese state-backed group that has been active since at least 2010.

Earlier this week, the U.K. and the U.S. blamed the adversarial collective for engaging in a widespread cyber espionage campaign targeting businesses, government officials, dissidents, and politicians.

Seven operatives associated with the group have been charged in the U.S. for their involvement in the hacking spree. Two of them – Ni Gaobin and Zhao Guangzong – have been sanctioned by the two nations, alongside a company named Wuhan XRZ, which allegedly served as a cover for orchestrating cyber attacks against critical infrastructure.

“Guangzong is a Chinese national who has conducted numerous malicious cyber operations against U.S. victims as a contractor for Wuhan XRZ,” the U.S. Treasury said. “Ni Gaobin assisted Zhao Guangzong in many of his most high profile malicious cyber activities while Zhao Guangzong was a contractor at Wuhan XRZ.”

In July 2021, the U.S. and its allies implicated APT31 in a widespread campaign exploiting zero-day security flaws in Microsoft Exchange servers with the goal of likely “acquiring personally identifiable information and intellectual property.”

China, however, has hit back against the accusations that it’s behind the hacking campaign targeting the West. It has accused the Five Eyes (FVEY) alliance of spreading “disinformation about the threats posed by the so-called ‘Chinese hackers.'”

“We urge the U.S. and the U.K. to stop politicizing cybersecurity issues, stop smearing China and imposing unilateral sanctions on China, and stop cyberattacks against China,” China’s Foreign Ministry Spokesperson Lin Jian said. “China will take necessary measures to firmly safeguard its lawful rights and interests.”

Dec 29, 2023NewsroomCyber Attack / Web Security

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week.

“These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said.

One Albania, which has nearly 1.5 million subscribers, said in a Facebook post on December 25 that it had handled the security incident without any issues and that its services, including mobile, landline, and IPTV, remained unaffected.

AKCESK further noted that the intrusions did not originate from Albanian IP addresses, adding it managed to “identify potential cases in real-time.”

The agency also said that it has been focusing its efforts on identifying the source of the attacks, recovering compromised systems, and implementing security measures to prevent such incidents from happening again in the future.

What’s more, AKCESK said the incident has prompted it to review and strengthen its cybersecurity strategies.

The exact scale and scope of the attacks are currently not known, but an Iranian hacker group called Homeland Justice claimed responsibility on its Telegram channel, alongside stating that it had hacked flag carrier airline Air Albania.

In a message shared on its website on December 24, the outfit said it is “back to destroy supporters of terrorists,” alongside adding the following tags: #albania, #albaniahack, #CyberAttacks, #mek, #MKO, #ncri, #NLA, #pmoi, #Terrorists.

The development comes more than a year after Albanian government services were targeted by destructive cyber attacks in mid-July 2022.

Homeland Justice claimed responsibility for those attacks as well. The development subsequently prompted the U.S. government to sanction Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmail Khatib, for engaging in cyber-enabled activities against the U.S. and its allies.