Finland makes hacking complaint as EU prepares for cyberwarfare surge

Officials working for the Finnish foreign office have complained of being hacked while abroad, alleging that the attacks were likely state-sponsored.

The complaints have again raised the issue of state-sponsored cyberwarfare and the implications for businesses caught in the crossfire.

The risk has been heightened further by the escalating military aggression from Russia in Ukraine and the prospect of a surge in cyber warfare from Russia, so much so that the EU has been conducting cybersecurity exercises based on a scenario where a state-sponsored attack targets hospitals, power plants and other critical infrastructure across Europe.

The Finnish government made its allegation of cyber espionage at the end of January, stating that diplomats working abroad had been the victims of a sophisticated cyberattack.

The officials were targeted though Pegasus software developed by Israeli spyware company NSO Group, according to the Finnish Foreign Ministry.

“The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part,” stated the Foreign Ministry.

“Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.”

According to Finland’s ambassador for cybersecurity, Jarmo Sareva, no sensitive data would have been at risk from the attacks. He stated that the information stored on the targeted phones would either have been public or low-level classified data, according to government protocols.

Sareva did not say how many diplomats were targeted or where they were stationed. Nor did he name the state believed to be behind the attack, saying: “We have our suspicions of course.”

The director of the Finnish Security and Intelligence Service, Antti Peltarri, added that a “state actor of some kind” was behind the attack and stressed the importance of keeping valuable data off a mobile phone, which was described as a “vulnerable tool”.

The Pegasus software has been at the centre of a number of allegations regarding state-sponsored cyber espionage in recent months, including journalists in Mexico and Saudi Arabia, US state department employees, UK attorneys, Palestinian human rights activists and critics of the far-right government in Poland.

The company that produces the software, NSO, stated that the spyware is only sold to governments primarily for counterterrorism use and each sale is subject to approval from the Israeli Defence Ministry.

NSO further stated that it has no access to the data that is collected and while it has no control over how clients use the software, it has terminated a number of contracts due to inappropriate use.

The threat of state-sponsored warfare has increased further in recent days due to the military tensions in Ukraine.

This has been recognised within Europe, as demonstrated by a large-scale cybersecurity exercise carried out by EU diplomats earlier this year under the EU Cyber Crisis Linking Exercise on Solidarity (EU CyCLES) group.

According to a memo from the Council of the European Union published by British civil liberties group Statewatch, the action was prompted by “the marked increase in malicious cyber activities aimed at undermining our democratic values and the security of the core functions of our societies”.

The memo added that the EU currently “does not have an integrated framework for the effective implementation of mechanisms for mutual assistance, cooperation and coordinated response in the event of a major cyber crisis”.

In the EU CyCLES exercise, the cyberattack originates from a fictional state called ‘Blueland’, which is described as “an authoritarian state” within the EU neighbourhood that “positions itself as a global power aiming to strengthen its influence worldwide”.

“To be realistic, the scenario is based on situations that have already occurred in real life or that we fear could occur in a near future,” added the memo.

Mikko Hyppönen, chief research officer at Finnish cybersecurity firm F-Secure, told online news site EUObserver that the scenario was “realistic” and “good to rehearse for”, adding that the most likely attackers in the exercise are “Russia, Russia and Russia”.

Back to top button