The Finnish government's computer networks have been breached by malware for years, and it is possible secure communications have been compromised, the Finnish Ministry for Foreign Affairs confirmed last week.
The malware was discovered in January but it was in place for years before being discovered, said Ari Uusikartano, director general of the Information and Documentation Division of the Ministry for Foreign Affairs of Finland. The government kept the breach secret until a Finnish TV station reported it.
"My estimate is that it has been active about two or three years," before it was discovered, said Uusikartano. There are indications that information with the lowest level security classification has been compromised, he said.
Immediately after the breach was discovered, the Finnish police started an investigation that is still ongoing, said Uusikartano.
The malware used to spy on the Finnish government resembles malware used in a spying operation dubbed "Red October", but it is more advanced than that, said Uusikartano. "That is why it was able to penetrate our defenses," he said.
Red October is an espionage campaign that was uncovered by researchers from antivirus firm Kaspersky Lab in January. During that campaign, unidentified attackers stole sensitive information from hundreds of diplomatic, government, research and military organisations from around the world, using highly customised and sophisticated data theft malware, according to Kaspersky.
"When we announced it, the Red October campaign was ongoing for at least six years, with thousands of modules being created and deployed to hundreds of high profile victims worldwide," said Costin Raiu, director of Kasperky Lab's global research and analysis team.
It is possible that Red October was just one campaign from the same actor, and there could be others that haven't been discovered yet, Raiu said.
Finnish media reported that Russian and Chinese intelligence organisations could be behind the attack, but the government spokesman maintained that the perpetrator is still unknown.
Kasperky's analysis indicated that the Red October attackers were proficient in the Russian language, said Raiu, but he added that this does not have to mean that the attackers were Russian.
Besides Finland, other countries could be the victim of the same attack, said Uusikartano. "There are indications that this is not a strictly Finnish problem," he said, adding that Finland has discussed this matter with several European countries. He declined to name the other countries. The matter has also been discussed in Brussels in European Union circles, he added.
While Kasperksy has no independent information on this specific incident in Finland, Raiu said that Red October infections were observed in many EU countries, including government organisations.
Since January, the number of Red October victims has been decreasing. Nevertheless, there are still victims in countries including Belgium, Romania, Croatia, the UK, Estonia, Lithuania, Slovakia, the Netherlands and Germany, he said.