Norwegian government IT systems hacked using zero-day flaw


The Norwegian government is warning that its ICT platform used by 12 ministries has suffered a cyberattack after hackers exploited a zero-day vulnerability in third-party software.

This platform is used by twelve ministries in the country, except for the Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.

The Norwegian Security and Service Organization (DSS) informed the National Security Authority (NSM) when the cyberattack was discovered and engaged the police, who are currently investigating the incident.

The Norwegian Data Protection Authority has also been notified about the cyberattack, indicating that the hackers might have accessed and/or exfiltrated sensitive data from the ICT system, leading to a data breach.

Despite the compromised platform’s critical role in the government’s daily operations, the recent cyberattack will not necessitate a halt in work activities.

“It is important to stress that the government is continuing to work as normal,” explains DSS’s public notice.

“DSS has initiated a number of security measures to protect the information on the affected ICT platform.”

“DSS has set up a crisis team, and is investigating and handling the incident with assistance from the National Security Authority (NSM) and other security experts.”

DSS’s director general, Erik Hope, stated that the hackers breached the ICT platform through a zero-day vulnerability in an application used by the government.

The flaw has now been fixed, and the agency has implemented additional security measures like restricting remote access via mobile devices for ministry employees to DSS’s ICT platform.

Unfortunately, DSS has not provided any details about the vulnerable software, so it is unclear if this concerns a novel attack wave that might also impact organizations in other countries.

Hope commented that it’s too early to attribute the attack to any specific hackers or estimate the scope of the attack, and the government is relying on the ongoing police investigation to shed light on these matters.



Source link