Twelve Norwegian government ministries have fallen victim to a cyber attack, according to a press release issued on Monday.
It’s the latest in a series of attacks against the country, with some reports suggesting that it could be linked to Russian state-sponsored attackers.
Norway is Europe’s largest gas supplier, and it borders Russia along its northernmost tip. In June last year, the country’s state sector was hit by a DDoS (distributed denial-of-service) attack, which was attributed to a “criminal pro-Russian group”.
It’s therefore no surprise that commentators are speculating on further Russian aggression. Norway’s economy has soared since Russia’s invasion of Ukraine, with its political allies turning to the country for gas and oil after issuing embargoes on Russia.
The country is also one of NATO’s founding members, and it has provided financial aid for Ukraine throughout the war.
What went wrong?
Specific information about the cyber attack, beyond the fact that it targeted a dozen government ministries, has yet to be revealed.
In a press release, Erik Hope, the director of the Norwegian ministries’ security and service organisation, said that it “unusual” network traffic was uncovered on 12 July and was being investigated by the police.
What exactly was unusual about it remains unclear, but it’s thought to be connected to a “previously unknown vulnerability in the software” of one of the government’s suppliers.
Hope confirmed that the threat actor exploited that vulnerability, but it has now been closed. He added that “it is too early to say anything about who is behind it and the scale of the attack. Our investigations and the police’s investigation will be able to provide more answers.”
Authorities said that most government services were unaffected by the attack, which suggests that the cyber criminal didn’t deploy ransomware or some other form of malware that would severely affect the victims’ systems.
It is likely, however, that the crook accessed sensitive information – as this tends to be the primary motive for most cyber attacks, whether they’re financially or politically motivated.
Officials also noted that the twelve ministries impacted by the cyber attack were unable to access several mobile services, including email.
It’s unusual for a cyber criminal to shut down email systems unless they were targeting the provider themselves – simply because there is no clear reason to do this.
It’s therefore possible that the government itself limited mobile services to protect employees and prevent the attacker from leveraging their access through business email compromise scams.