Norway’s government has reported that twelve of its ministries have fallen victim to a cyber-attack.
At a press conference earlier today, Erik Hope, the head of the government agency responsible for providing services to ministries, revealed that the cyber-attack was traced back to a vulnerability in one of the government’s suppliers.
However, the minister reassured the public that the weakness had been addressed promptly. Hope also said the attack detection was made possible by monitoring unusual traffic on the supplier’s platform.
Despite ongoing investigations by the police since the discovery on July 12, the minister did not divulge specific details about the incident. He emphasized that it was too early to ascertain the responsible party and the full extent of the attack’s impact.
“While conclusive evidence for this kind of attack is often hard to come by, given Norway’s geopolitical position, this bears all the hallmarks of a state-sponsored attack,” said Jamie Akhtar, CEO and co-founder of CyberSmart.
“Over the past 18 months, we’ve seen an increasing number of attacks directly targeting state infrastructure within countries broadly supportive of Ukraine.”
Read more about these attacks: Switzerland’s Security Report: Impact of Russia–Ukraine Conflict
At the same time, Hope clarified that some critical entities within the government, including the Prime Minister’s office, as well as the foreign, defense and justice ministries, were not affected. These ministries operate on a different IT platform, which acted as a protective measure.
Norway’s state sector has experienced cyber-threats before, as Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems (ACDS), pointed out.
In 2021, groups with ties to China targeted the Norwegian Parliament’s email systems. The following year, the pro-Russian hacker group known as Killnet launched a denial-of-service (DDoS) attack against Norwegian public service websites.
“This is yet another reminder of the urgency needed to assess and mitigate security vulnerabilities in suppliers, as this attack has been attributed to a weakness in an IT supplier,” Wilkes added.
For more information on securing software supply chains, you can read this analysis published by Infosecurity Magazine deputy editor, James Coker, on April 27.