Skip to Content

Foreign intelligence services use corporate and personal network routers for cyber espionage

Publication date 10.3.2021 13.00
Press release

Supo has observed that the intelligence services of authoritarian states have been exploiting dozens of network devices and servers of Finnish individuals and businesses in cyber espionage operations. It pays to review the settings of routers and other devices connected to your network.

Supo has noticed an increase in cyber espionage exploiting Finnish infrastructure. The cyber espionage divisions of intelligence services in authoritarian states in particular have exploited dozens of network devices and servers operated by individuals and businesses in Finland by linking them into an infrastructure used for espionage.

This involves routing intelligence service operation traffic through a Finnish network device, so that the attack on the organisation targeted by espionage appears to come from an organisation or a private individual in Finland.

Supo has already contacted some businesses and individuals whose hardware has been hacked in this way. The goal was never to obtain information contained in the hacked devices, as the perpetrator only used them as a means of securing access to the real espionage target.

Devices are often accessed using default passwords - check your hardware settings

The latest Supo findings suggest that home routers and network storage systems are the most typical hacked hardware devices. Using default passwords and otherwise insecure settings have allowed this hacking.

Supo recommends ensuring that you have taken at least the following steps to improve the security of your router:

  • Block external access to the router control panel from the Internet.
  • Change the default password so that it is as long as possible and hard to guess. The recommended password length is at least 20 characters.
  • Close any open ports on the router that you do not need to use.
  • Always update the router firmware to the latest version.

You should always apply the same precautions with online storage devices accessible over the Internet and any other networked devices, such as home appliances, cameras and even vacuum cleaners.

Cyber espionage has increased during the coronavirus pandemic

The intelligence services of foreign powers have expanded their cyber espionage operations during the coronavirus pandemic. Cyber espionage that directly affects Finland falls under two broad headings: either directly targeting Finnish organisations or using Finnish infrastructure.

Cyber espionage targeting Finnish organisations seeks information about them that is not otherwise available. Cyber espionage using Finnish infrastructure seeks to hack into network devices and servers located in Finland and link them into an infrastructure that is then used for a cyber espionage operation.