Finland's secret police claim that foreign espionage is on the rise, to the extent that Russian nation-state hackers are working together with spies to befriend unsuspecting Finns so they can extract sensitive information and trade secrets about Finnish government agencies and companies from them.
The Finnish Security Intelligence Service (known as Supo) has released a report reviewing its efforts to protect national security in 2016. One key section in the report relates to an increase in foreign state actors who have been detected trying to hack into Finnish computer networks to gain access to sensitive data.
In particular, Supo has highlighted cyber-intrusions made by APT28, a notorious Russian hacking group also dubbed Fancy Bear, which is hacking into Finnish networks frequently and without even bothering to hide its tracks. Multiple cybersecurity firms believe that this group is linked to the Kremlin's intelligence services, following comprehensive analysis of the hackers' techniques and choice of malware.
"In 2016, observations which are related to network espionage directed at Finland's foreign policy and security policy increased. Attacks against Finnish companies were brought to the attention of the Security Police more than ever before," the report (translated from Finnish) reads.
"The majority of the observations have been connected to the APT28/Sofacy attack in which no particular effect was made to hide the operations. One can suppose justifiably that the number of the cases that were not detected by the authorities has also increased."
If hacking doesn't work, spy befriends target in person
The secret service also reported several incidents where foreign spies have targeted specific individuals, not just to steal data from the companies they work at, but also to try to steal sensitive information and trade secrets by befriending a target under false pretenses.
The process, as explained by Supo, works like this: the hackers are trying to find out a trade secret, so they research a target who works at the company or organisation that they need information from. They build a thorough report on where the person lives, where they go to the gym and what seminars they attend for work.
A spy then befriends the person, sometimes for several years, in order to gain their trust and get them to reveal important sensitive information, and then the spy melts away without the Finnish authorities being any wiser.
"The risk applies only to a small part of Finns but the key persons should identify the risks which are related to both their civilian addresses and their communication equipment. Employers are not able to protect the personal information of their staff. The Finnish authorities do not have authority either to identify and systematically prevent this kind of acquisition of information," Supo wrote.
APT28 isn't even bothering to hide their cyberattacks
APT28 has been connected with the cyberattacks on the Democratic National Committee (DNC) in 2016 by the US Intelligence Community (IC), which claims the hacking group performed numerous cyberattacks to try to influence the 2016 US presidential elections with a mixture of misinformation and leaks.
Cybersecurity firm FireEye analysed APT28's hacking techniques in January and found that the hacking group uses spear phishing, exploit kits, fake internet addresses, the spread of malware and the compromise of web-facing servers in order to gain access to sensitive information.
The group is also known to exploit zero-day vulnerabilities in Adobe Flash Player, Java and Windows, and to register website domains that closely resemble legitimate URLs to help it trick victims into entering their password on fake login pages.