Multiple Norwegian Ministries Hit in Major Cyber Attack

Twelve Norwegian government ministries have been hit by a large-scale cyber attack, the Norwegian government has revealed today. 

The attack, which was uncovered on July 12 and was being investigated by police, was identified following “unusual” traffic on the suppliers’ platform. 

"We identified a weakness in the platform of one of our suppliers. That weakness has now been shut," Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference.

"It is too early to say who is behind this and what is the extent of the impact (of the attack)," Mr Hope added. 

According to Hope, the Prime Minister’s Office, along with the ministries of defences, justice and foreign affairs were not affected because they use a different supplier. 

The government noted that it will continue to follow the developments in the case "closely," adding that the vulnerability in the software that was discovered and used by the hackers has been eliminated and all the affected entities continue to work as usual.

"Whilst this attack did not affect the Norwegian government’s operations, the disruption of public services can directly affect the lives of all of us and even lead to the breakdown of the everyday functioning of civilians and broader society," Simon Chassar, CRO at Claroty told EM360.  

This attack should be a warning to all local and national governments that critical public services and their cyber-physical systems must be secured, and that special priority attention must be given to OT and critical infrastructure environments.

"It’s important to implement network segmentation so unnecessary connectivity and the movement of malware can be restricted, as well as real-time monitoring and analysis to identify anomalies and potential intrusions quickly.”

Norway’s Cybersurge

The attack is just one of the latest attacks to hit Norway in recent months. Just last week, the Norweigan recycling firm Tomra was forced to take system its systems offline after an extensive data breach exposed critical infrastructure. 

Meanwhile, in June 2022, a distributed denial of service attack (DDoS) attack struck multiple Norweigan private and public institutions including the Labour Inspection Authority, which offers important financial services for citizens. 

In that attack, the government blamed a “criminal pro-Russian group,” but did not reveal which cybercriminal gang was behind the attack. 

“Cyber criminals have moved towards disrupting business or government infrastructure availability as a leverage point for financial or political gain," said Mr Chassar.

"The public sector has proven particularly vulnerable to these attacks, with criminals threatening critical national infrastructure like water supplies, transportation, and basic operations in local and national governments."

To read more about cyber attacks, visit our dedicated Business Continuity Page. 

The number of cyber attacks in Norway tripled between 2019 and 2021 according to the country's cyber security agency's latest risk assessment report in February, with the number of serious incidents in 2022 at the same level as in 2021.

Norway is Europe’s leading gas supplier after a drop in Russian gas flows since the country’s invasion of Ukraine and is Western Europe’s largest oil exporter. 

It is also a NATO member and has been supporting Ukraine with weapons humanitarian aid and money. It is yet to be known who is behind the attack.

Article updated on 07/24/2023 with comment from Simon Chassar.