Cyber Incident Victim: Helsinki, Finland

In fall 2020, hackers breached the Finnish Parliament’s internal IT system, gaining access to email accounts belonging to multiple members of Parliament (MPs). The intrusion was discovered in December 2020 by the Parliament’s IT staff, who subsequently reported the incident to the Finnish Central Criminal Police (KRP). Commissioner Tero Muurman confirmed the attack caused no damage to the Parliament’s IT infrastructure but emphasized it was a deliberate act rather than an accidental breach. The KRP launched a criminal investigation classified as "suspected espionage," with Muurman stating one possible motive involved foreign state actors seeking to obtain information or harm Finland. While the breach impacted more than one MP, authorities declined to disclose exact victim numbers to avoid compromising the ongoing probe. Muurman described the incident as exceptional in Finland’s history due to the high-profile nature of the target and its serious implications for national security.

The KRP disclosed international collaboration in its investigation but provided no specifics about foreign partners or technical attribution. The breach shared operational similarities with a contemporaneous attack on Norway’s parliamentary email systems, which Norwegian authorities attributed to APT28—a group linked to Russia’s GRU military intelligence. Microsoft reporting noted APT28’s increased use of credential stuffing and brute-force attacks against email accounts during this period, though Finnish officials did not formally connect their incident to any specific threat actor. Finnish investigators focused on confirming the scope of compromised accounts and securing systems while maintaining operational secrecy around forensic findings. No public evidence indicated data exfiltration or secondary impacts beyond unauthorized email access.