Finnish Security Intelligence Service warns of rising espionage threats targeting internet-connected devices

Finnish households and businesses are regularly targeted for espionage through their internet-connected devices. The Finnish Security Intelligence Service (Supo) warned last year in its national security review that anyone with an unprotected device, such as a home router, could unwittingly enable foreign spying activities. There have been numerous instances where traffic related to intelligence operations was routed through Finnish devices.

The Finnish Communications Regulatory Authority’s Cyber Security Center is also aware of the issue. Director Samuli Bergström stated that they see regular reports of breaches related to suspected espionage, although the annual number of cases remains relatively small. “Fortunately, this is not a widespread phenomenon,” he noted.

Breaches are reported on both consumer and business devices, including routers, firewalls, and network storage servers. The increasing connectivity of devices has made it easier for state actors to conduct unauthorized remote operations aimed at accessing Finnish or allied nations’ information systems. According to Supo, there are tens of thousands of routers in Finland that allow for remote management, which cyber spies can exploit to browse websites and access services.

While the use of a router does not make data breaches easier, it can complicate detection since espionage-related traffic appears to come from a Finnish IP address. Supo estimates that the spying parties are often not interested in individual citizens’ data but rather about broader strategic information, with authoritarian states like Russia and China particularly focused on spying in Finland.

In addition, the Cyber Security Center reports that Finnish devices are also being compromised to execute denial-of-service attacks, which can disrupt online services by creating traffic congestion. Users are advised to keep their devices updated and avoid unsecured administrative interfaces to minimize risks.