Kremlin-backed APT28 doesn't even bother hiding its attacks, says Finnish secret police
Supo: Espionage rising, attacks on infrastructure falling
The Finnish Security Intelligence Service Supo is complaining that nation-state-level attackers aren’t even bothering to hide themselves from prying eyes.
That news comes in the agency’s review of intelligence activity in 2016, announced here.
The major trends in cyber-intelligence Supo highlights in the report are increasing attacks against Finland’s foreign and security infrastructure, espionage attempts, and actors abusing Finnish data networks “in espionage targeting third countries.”
On the other hand, attacks against critical infrastructure fell sharply in 2016.
Regarding attempts to compromise the country’s “foreign and security policy,” the report notes: “Most observations were related to an APT28/Sofacy attack in which no particular effort was made to conceal the activity ... It is justified to assume that also the number of cases which have not come to the authorities’ knowledge has increased.”
APT28 has been blamed for attacks on Georgia, Eastern Europe, NATO and the Organization for Security and Co-operation in Europe. In 2014, FireEye went public linking the group to the Kremlin.
Other tags hung on the group are Sofacy, Pawn Storm and Fancy Bear.
Supo said it saw several cases of intelligence-gathering attempts in data networks, focussed on what seems to be identity fraud against a small number of key personnel in government and business.
In such cases, the report says, “Finnish authorities do not have the competence to identify or counter such information gathering systematically” – so individuals and employers need to be vigilant. ®