According to local media, the cyberattack on the Norwegian ministries was made possible after unknown attackers exploited a new patch 0-day vulnerability.
Norwegian authorities are currently conducting a thorough investigation into a large-scale cyberattack that has targeted twelve government ministries. The attack, which was discovered earlier this month, has raised concerns about the nation’s cybersecurity readiness and the potential implications for sensitive government data.
Erik Hope, Director of the Norwegian ministries’ security and service organization, addressed the media during a press briefing, revealing that the attackers exploited a previously unknown vulnerability in the software of one of their suppliers.
“We have uncovered a previously unknown vulnerability in the software of one of our suppliers,” said Hope. “This vulnerability has been exploited by an unknown actor. We have now closed this vulnerability. It is too early to say anything about who is behind it and the scale of the attack. Our investigations and the police’s investigation will be able to provide more answers.”
Erik Hope
As of now, the Norwegian Data Protection Authority has been notified to address any privacy concerns arising from the incident.
While the attack has caused disruptions in the affected ministries, the government’s core operations have remained largely unaffected. The Prime Minister’s services, defense, foreign affairs, and justice departments were shielded from the attack as they operate on separate and secure platforms.
Workers in the affected ministries have encountered challenges when trying to access standard mobile services, including email. However, officials have assured the public that essential government functions are continuing without interruption.
In a comment on the incident, Chris Hauk, consumer privacy champion at Pixel Privacy, told Hackread.com that “This incident emphasises how important it is for organisations to not only keep their own systems and software updated to plug security holes but to do regular supply chain checks to make sure all other organisations in the chain are also performing regular updates and security checks on a regular basis.”
“I do admire how the government official, Eric Hope, didn’t offer up the usual platitudes we hear after data breaches. Instead, he laid it out as “We screwed up, and now it’s fixed.” That’s refreshing,” Hauk added.
Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems (ACDS), also commented on the cyberattack stating, “While details on the latest attack are limited, it does appear that business systems like email were affected for up to a dozen government agencies in Norway. This is yet another reminder of the urgency needed to assess and mitigate security vulnerabilities in suppliers, as this attack has been attributed to a weakness in an IT supplier.”
Wilkes warned that “With the MOVEit attack earlier this year and countless others like the VMware attacks and SolarWinds, it is crucial that organisations regularly review the permissions and privileges granted to systems and software they use. Limiting access, relying on the principles of least privilege and just-in-time access provisioning (versus having an admin account used every day for all non-admin functions) are some of the ways businesses and government teams can mitigate risks posed by vulnerabilities in suppliers’ tools.”
Norway’s vulnerability to cyber threats has been evident in recent times. In 2020 and 2021, the Norwegian Parliament experienced cyberattacks, with some of them being attributed to Russian hackers.
Earlier this month, the Norwegian Refugee Council also reported a cyberattack targeting a database containing the personal information of project participants, adding to the growing concerns over the nation’s cybersecurity landscape.
The investigation into the current cyberattack is ongoing, and authorities are implementing additional measures to bolster their cybersecurity defences. With cyber threats on the rise globally, Norway’s authorities are treating the incident with utmost seriousness and vigilance.
As the situation unfolds, government officials and cybersecurity experts are closely monitoring the situation to ascertain the full extent of the breach and identify those responsible for the attack.
RELATED ARTICLES
- SmugX: Chinese Hackers Targeting Embassies in Europe
- Chinese Group Storm-0558 Hacked European Govt Emails
- Killnet Hits European Parliament Website with DDoS Attack