The Ministry for Foreign Affairs exposes cyber espionage campaign against Finnish diplomats
MINISTRY For Foreign Affairs said on Friday that it had been investigating cyber espionage cases against Finnish diplomats working abroad for months.
The espionage was carried out using the Pegasus spyware program, developed, marketed and licensed by the Israeli NSO Group. Advanced software infiltrates smartphones, typically through so-called zero-click attacks, by exploiting vulnerabilities in the operating system on a zero-day basis.
Spyware programs can gain administrator privileges on an infected device and, in theory, collect and send all information to an attacker.
Matti ParviainenThe Director of Information Security at the Ministry for Foreign Affairs told Helsingin Sanomat that the researchers have been able to assess when spyware has been actively used, but did not comment further. The number, location and geographical location of diplomats whose phones were compromised during the campaign have not been reported.
“I could describe espionage as relatively long-lasting,” he replied when asked if the espionage took place over months or years.
The Foreign Ministry’s instructions state that the telephone may only process information that is either public or of the lowest security class. Disclosure of information at the lowest rating level also causes immediate harm to Finland’s interests, Parviainen said.
“We have to start from the assumption that the party who successfully installed the malware has received information that we did not want to publish or disclose to the party,” he summed up.
“I am not going to assess the consequences. It is quite clear that we need to take into account in our preparedness and decision-making that some issues, such as the preparation of positions, have fallen into the wrong hands.
Pegasus has been used to infiltrate the phones of numerous activists, journalists, politicians and researchers, according to reports published in mid-2021 by a group of journalists researching around the world. They revealed that spyware has been used by at least Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.
On Friday, Parviainen declined to comment on whether the party behind the cyber espionage has been identified, and reminded that even the ministry is not responsible for investigating the attacker.
– I refer to the NSO Group’s own reports that the product in question is being sold to state-owned operators. I won’t characterize anything about the countries in more detail, ”he said.
Aleksi Teivainen – HT