{ "id": "48a61332-49b0-4c94-b782-5cb141d63f8c", "created_at": "2026-04-06T00:10:31.907135Z", "updated_at": "2026-04-10T03:36:59.325471Z", "deleted_at": null, "sha1_hash": "0c96bad5a74e01b4630463e2d2a07de37287b2a7", "title": "Finnish Parliament attackers hack lawmakers\u0026rsquo; email accounts", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3775225, "plain_text": "Finnish Parliament attackers hack lawmakers\u0026rsquo; email accounts\r\nBy Sergiu Gatlan\r\nPublished: 2020-12-28 · Archived: 2026-04-05 15:03:12 UTC\r\nImage: Magnus Fröderberg\r\nThe email accounts of multiple members of parliament (MPs) were compromised following a cyberattack as revealed today\r\nby the Parliament of Finland.\r\n\"Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that\r\nbelong to MPs,\" Parliament officials said.\r\nhttps://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe malicious activity was detected by the parliament's security team during the fall of 2020 and it is currently investigated\r\nby the National Bureau of Investigation (NBI).\r\nParliament Speaker Anu Vehviläinen said that this incident is a serious attack on Finnish society and democracy.\r\n\"We cannot accept any kind of hostile cyber activity, whether carried out by a governmental or non-governmental body,\"\r\nVehviläinen said.\r\n\"In order to strengthen cybersecurity, we need our own national measures as well as active action at the EU level and in\r\nother international cooperation. While the investigation is pending, Parliament will not comment on the matter at this stage.\"\r\nPotential espionage attempt\r\nFinland's Central Criminal Investigation Department has begun looking into the Finnish Parliament data breach at the end of\r\nthe autumn and the case is also being investigated as a suspected espionage incident.\r\n\"At this stage, an alternative is that unknown threat actors behind the data breach have been able to obtain information either\r\nto benefit a foreign state or to harm Finland,\" NBI Detective Inspector Tero Muurman said in a statement.\r\n\"The intrusion has been directed at more than one person, but unfortunately we can not, without jeopardizing the ongoing\r\ninvestigation, tell how many people are involved.\r\n\"This incident is exceptional for Finland, serious because of the attack's target and sad for the victims.\"\r\nSimilar attacks against Norwegian and German Parliaments\r\nAnother Scandinavian country, Norway, disclosed a strikingly similar incident with attackers compromising email accounts\r\nbelonging to Norwegian Parliament representatives and employees in August 2020.\r\nNorway's Minister of Foreign Affairs Ine Eriksen Søreide revealed in October that Russian state-sponsored hackers were\r\nbehind the August 2020 cyber-attack, stealing data from each of the hacked email accounts.\r\nAfter concluding the attack investigation, the Norwegian Police Security Service said earlier this month that the Russian\r\nstate-sponsored APT28 hacking group was likely behind the attack.\r\nAPT28 operators hacked a large number of Stortinget email accounts via brute-force and logged into a limited number of\r\naccounts.\r\nRussia officially denied Norway's accusations saying that they aren't based on evidence. \"As usual, accusations are posed\r\nwith no effort made to present any proof or to propose to discuss the incident at an expert level,\" Konstantin Kosachev, the\r\nhead of the Russian Federation Council Committee on Foreign Affairs, said in a statement.\r\nIn October, the Council of the European Union announced sanctions against multiple APT28 members for their involvement\r\nin the 2015 hack of the German Federal Parliament (Deutscher Bundestag) which also led to the breach of several\r\nhttps://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/\r\nPage 3 of 4\n\nparliament members' email accounts.\r\nThe same month, the US Cyber Command shared info on malware implants used by Russian hacking groups in attacks\r\nagainst several national parliaments, ministries of foreign affairs, and embassies.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/\r\nhttps://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/finnish-parliament-attackers-hack-lawmakers-email-accounts/" ], "report_names": [ "finnish-parliament-attackers-hack-lawmakers-email-accounts" ], "threat_actors": [ { "id": "730dfa6e-572d-473c-9267-ea1597d1a42b", "created_at": "2023-01-06T13:46:38.389985Z", "updated_at": "2026-04-10T02:00:02.954105Z", "deleted_at": null, "main_name": "APT28", "aliases": [ "Pawn Storm", "ATK5", "Fighting Ursa", "Blue Athena", "TA422", "T-APT-12", "APT-C-20", "UAC-0001", "IRON TWILIGHT", "SIG40", "UAC-0028", "Sofacy", "BlueDelta", "Fancy Bear", "GruesomeLarch", "Group 74", "ITG05", "FROZENLAKE", "Forest Blizzard", "FANCY BEAR", "Sednit", "SNAKEMACKEREL", "Tsar Team", "TG-4127", "STRONTIUM", "Grizzly Steppe", "G0007" ], "source_name": "MISPGALAXY:APT28", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e3767160-695d-4360-8b2e-d5274db3f7cd", "created_at": "2022-10-25T16:47:55.914348Z", "updated_at": "2026-04-10T02:00:03.610018Z", "deleted_at": null, "main_name": "IRON TWILIGHT", "aliases": [ "APT28 ", "ATK5 ", "Blue Athena ", "BlueDelta ", "FROZENLAKE ", "Fancy Bear ", "Fighting Ursa ", "Forest Blizzard ", "GRAPHITE ", "Group 74 ", "PawnStorm ", "STRONTIUM ", "Sednit ", "Snakemackerel ", "Sofacy ", "TA422 ", "TG-4127 ", "Tsar Team ", "UAC-0001 " ], "source_name": "Secureworks:IRON TWILIGHT", "tools": [ "Downdelph", "EVILTOSS", "SEDUPLOADER", "SHARPFRONT" ], "source_id": "Secureworks", "reports": null }, { "id": "ae320ed7-9a63-42ed-944b-44ada7313495", "created_at": "2022-10-25T15:50:23.671663Z", "updated_at": "2026-04-10T02:00:05.283292Z", "deleted_at": null, "main_name": "APT28", "aliases": [ "APT28", "IRON TWILIGHT", "SNAKEMACKEREL", "Group 74", "Sednit", "Sofacy", "Pawn Storm", "Fancy Bear", "STRONTIUM", "Tsar Team", "Threat Group-4127", "TG-4127", "Forest Blizzard", "FROZENLAKE", "GruesomeLarch" ], "source_name": "MITRE:APT28", "tools": [ "Wevtutil", "certutil", "Forfiles", "DealersChoice", "Mimikatz", "ADVSTORESHELL", "Komplex", "HIDEDRV", "JHUHUGIT", "Koadic", "Winexe", "cipher.exe", "XTunnel", "Drovorub", "CORESHELL", "OLDBAIT", "Downdelph", "XAgentOSX", "USBStealer", "Zebrocy", "reGeorg", "Fysbis", "LoJax" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434231, "ts_updated_at": 1775792219, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/0c96bad5a74e01b4630463e2d2a07de37287b2a7.pdf", "text": "https://archive.orkl.eu/0c96bad5a74e01b4630463e2d2a07de37287b2a7.txt", "img": "https://archive.orkl.eu/0c96bad5a74e01b4630463e2d2a07de37287b2a7.jpg" } }