The vulnerability of the Pulse Connect Secure vpn product, which has been actively exploited in the world, has led to data breaches in Finland as well.

Valtori, who is in charge of state IT services, said some agencies were attacked.

The server application used in the remote access service possibly allowed access to three Valtor servers.

- However, this is only a doubt.

It is also not yet known whether any progress has been made.

This is currently being investigated together with service provider Telia, the Central Criminal Police and the Cyber ​​Security Center.

For investigative reasons, the details cannot be explained in more detail, Valtor's acting.

CEO Mikko Vuorikoski said in a press release on Friday.


 It is possible that the target group will shrink or grow.

According to current information, the case concerns a limited number of government agencies, less than 10. It does not apply, for example, to Safety Network Services, which means the safety authorities' own network environment.

These include, for example, the police, the Border Guard, Customs, the Emergency Response Center, the Finnish Immigration Service and the Finnish Defense Forces.

Can the situation change yet?

- Of course, once such an investigation has been launched, we will go through the matter carefully.

It is possible that the target group will shrink or grow.

But every possible delineation has already been made at this stage, customer relations director Jouni Mustonen commented.

The Cyber ​​Security Center has published a bulletin on the vulnerability.

Security company FireEye has suggested that at least some of the attacks were perpetrated by hackers linked to the Chinese government.

Valtori takes a swing and hits it ...

- I cannot comment on this.

This is a matter under investigation, Mustonen says.

Mustonen also did not comment on whether government agencies were deliberately targeted or whether they were bystanders of the attack around the world.

For the time being, Mustonen cannot shed light on what kind of information could be stolen with this attack.

The most serious possible opening

According to FireEye, the vulnerability makes it possible to go beyond the victim’s network and bypass two-step identification.

The severity of the vulnerability is estimated to be high.

With the commonly used CVSS meter, the aperture received a full 10/10 points.

Mustonen does not know whether there are other victims of the same attack in Finland.

Valtori has protected all server-related server applications from the vulnerability with a temporary configuration change until the actual fix is ​​available.

Any hacked servers have been disabled and replaced with clean servers.

All Remote Access Services Remote access organizations have been asked to change the workstation user name password to a new one.

Valtori has filed a criminal report with the police and has reported it to the Security Police and the Office of the Data Protection Commissioner.

The attack occurred shortly after several hacking attempts were detected on a Microsoft Exchange server in Finland.

At least some of these were attacked by China.

  • Read more: Chinese spies struck Finland - one unifying factor in the series of data breaches