Zero-day vulnerability exploited in cyberattack on Norwegian government’s IT systems

On July 24, 2023, the Norwegian government announced that its ICT platform, used by 12 of its ministries, had been compromised in a cyberattack. The attack was carried out by exploiting a zero-day vulnerability in third-party software. The Norwegian Security and Service Organization (DSS) discovered the attack and promptly informed the National Security Authority (NSM). The police are currently investigating the incident.

The Norwegian Data Protection Authority was also notified, suggesting that the hackers might have accessed and/or exfiltrated sensitive data from the ICT system, potentially leading to a data breach. Despite the critical role of the compromised platform in the government’s daily operations, the cyberattack did not necessitate a halt in work activities.

The DSS has initiated several security measures to protect the information on the affected ICT platform and has set up a crisis team. The director general of DSS, Erik Hope, stated that the hackers breached the ICT platform through a zero-day vulnerability in an application used by the government. The flaw has now been fixed, and additional security measures have been implemented, such as restricting remote access via mobile devices for ministry employees to the DSS’s ICT platform.

Unfortunately, the DSS has not provided any details about the vulnerable software, so it’s unclear if this concerns a novel attack wave that might also impact organizations in other countries. It’s too early to attribute the attack to any specific hackers or estimate the scope of the attack, and the government is relying on the ongoing police investigation to shed light on these matters.

No link has been made to recent zero day announcements however it does offer several possibilities.

  1. Cyber-Attack Strikes Norwegian Government Ministries – Infosecurity Magazine: This article reports that twelve of Norway’s ministries fell victim to a cyber-attack.
  2. Who’s Hacked? Latest Data Breaches And Cyberattacks – Cybercrime Magazine: This page provides security intelligence from around the world, including the cyberattack on the Norwegian government.
  3. 3rd July – Threat Intelligence Report – Check Point Research: While this blog post does not specifically mention the Norwegian government, it provides technical insights into malware payloads and the disclosure of stolen files.