Norway ‘s government is blaming Russia for the cyberattack that targeted the email system of the country’s parliament this summer.
At the end of August, Norway’s parliament Stortinget announced that it was the target of a major cyber-attack that allowed hackers to access emails and data of a small number of parliamentary representatives and employees.
“The parliament has recently been targetted in a vast cyber attack,” reads a statement from Norway’s parliament. “There have been intrusions in the email accounts of a few MPs and employees. Our analyses show that varying quantities of data have been downloaded,”
Stortinget director Marianne Andreassen confirmed that an investigation into the incident was ongoing, for this reason, she did not provide any detail on the possible origin of the attackers.
Norway’s intelligence agency confirmed the investigation in a tweet:
The administrative director revealed that the IT staff at the parliament had detected anomalies at the end of August and immediately adopted the necessary measure in response to the attack.
“We don’t know who’s behind it,” Marianne Andreassen told reporters.
According to the local press, the parliament’s IT staff shut down its email service to prevent hackers from exfiltrating sensitive data.
The Stortinget immediately notified the impacted representatives and employees about the security breach.
Now Norway ‘s government attributes the cyber attack to Russia-linked threat actors, but it did not share the details of its investigation.
“Based on the information the government has, it is our view that Russia is responsible for these activities,” foreign minister Ine Eriksen Soreide said in a statement. “This is a very serious incident, affecting our most important democratic institution.”
The government experts recommend organizations to follow guidelines on cyber security to mitigate the risk of cyber attacks.
In its annual threat assessment Norway’s PST domestic intelligence service warned of hacking attacks that represented a “persistent and long-term threat to Norway”.
Cyber attacks against infrastructures and entities in Norway are not so common.
In May 2020, Norway’s state investment fund, Norfund, suffered a business email compromise (BEC) attack, hackers stole $10 million.
On January 8, 2019 the Health South East RHF, that is the healthcare organization that manages hospitals in Norway’s southeast region (countries of Østfold, Akershus, Oslo, Hedmark, Oppland, Buskerud, Vestfold, Telemark, Aust-Agder and Vest-Agder), disclosed a security breach that may have exposed sensitive data belonging to more than half of the population.
The incident was announced by the South-Eastern Norway Regional Health Authority Helse Sør-Øst that detected an abnormal activity against computer systems in the region. The Authority notified the incident to local agencies as well as NorCERT.
In February 2017, the Norwegian intelligence agency PST confirmed that the country’s authorities were one of the targets of spear phishing attacks launched by the Russian APT 29 group.
According to the intelligence analysts the cyber operations have increased since the Russian annexation of the Crimea in 2014.
(SecurityAffairs – hacking, Norway)