Finnish households and businesses are increasingly becoming targets of cyber espionage, with network devices being breached regularly for surveillance purposes.

The Finnish Security and Intelligence Service (Supo)  has confirmed numerous cases where espionage-related traffic has been routed through Finnish network devices.

"We have become aware of multiple instances where traffic related to intelligence operations has been directed through Finnish network devices," Supo stated in an email to Finnish broadcaster Yle.

The Finnish Transport and Communications Agency's Cybersecurity Center, part of TraficomSamuli, said that the center regularly receives reports of breaches into Finnish network devices, suspected to be motivated by espionage.

However, that the number of such incidents remains relatively small on an annual basis. These breaches affect both consumer and corporate devices, such as routers, firewalls, and network-attached storage servers.

Supo estimates that there are tens of thousands of devices in Finland capable of remote management. Routers, which connect other devices to the internet, are a common target for cyber spies who can use them to browse websites and log into services.

In espionage cases, intelligence agencies break into a router and use it to direct their cyber-attacks towards the actual target. Supo clarified that using a router doesn’t necessarily simplify the task of conducting a data breach. However, it does make detecting the breach more challenging, as the espionage-related traffic appears to come from a Finnish IP address.

According to Supo, the entities behind these attacks are generally not interested in the data of individual users. Espionage is a method of obtaining information that a state is interested in but cannot access through legal means. This information might pertain to a company’s product development or the political decision-making process of the target country.

Supo emphasized that illegal cyber espionage is particularly prevalent among “non-democratic states.” Russia and China, in particular, are known to conduct espionage operations against Finland.

In addition to espionage, the Cybersecurity Center has reported that Finnish household network devices are also breached to carry out distributed denial-of-service (DDoS) attacks. Finland experiences DDoS attacks on a daily basis. These attacks create congestion that can disrupt the use of online services, preventing new users from accessing them, although the service itself may not be fully incapacitated.

Supo believes that different entities, using various methods, are responsible for cyber espionage and DDoS attacks. “The goal of those conducting DDoS attacks is to make a statement and create the perception that they can disable digital services. When state actors are involved, it's primarily a form of information warfare.”