The Finnish parliament has reported that a hack attack on its data system occurred at some point in the autumn of 2020.
The parliament's communication department explained the cyberattack was detected during internal technical surveillance and may have compromised the data security of some e-mail accounts, including accounts assigned to and used by MPs, national broadcaster Yle reported.
The National Bureau of Investigation (KRP) has opened a pre-trial inquiry into the data breach, classified as an aggravated computer break-in and espionage.
"The act was neither random nor accidental", KRP detective chief inspector Tero Muurman said. "One of the possibilities at this point is that unknown attackers may have carried out the hacking to obtain information that either benefits a foreign state or harms Finland".
He emphasised the exact extent of the breach and the number of people targeted cannot be revealed without compromising the ongoing pre-trial investigation.
According to KRP, they're cooperating with the Security Police regarding the case. International cooperation has also been included in the matter.
Speaker of the Parliament Anu Vehviläinen of the Centre Party described the cyberattack as a serious assault on democracy and society in Finland.
"We must not tolerate any kind of hostile cyberactivity, be it by a governmental or non-governmental entity", she stated in a press release, emphasising the need for national measures and active cooperation both within the EU and internationally to strengthen cyber security.
The parliament said that it won't comment further on the case at present because the investigation is ongoing.
President Sauli Niinistö called the cyberattack on the parliament a "serious violation of Finnish democracy and public order". He emphasised that it is important to find out who is behind the incident and develop protection mechanisms against similar attacks.
Muurman stressed that it remains premature to speculate whether the attackers can be brought to justice. He also refused to comment further on the nature of the incident and the techniques being used in the investigation, saying investigators are operating under the assumption that the attacker is monitoring news reports of the incident.
"We have to assume that also the attacker is reading the news, so naturally we don't want them to get wind of how the incident is being investigated through the media", he explained.
Nevertheless, KRP assured that the investigation was "progressing well" and that information is being collected via various methods and from various sources.
"The case is exceptional in Finland, serious given the target in question, and regrettable for the victims", Muurman concluded.
Earlier this month, neighbouring Sweden reported a major hack attack against large corporations and its Space Company, described as one of the largest in the country's history. The attack reportedly started in March and went undetected for months, compromising their security.
