The computer attack against the ministries has been dropped – news Norway – Overview of news from various parts of the country

This summer it became known that twelve ministries were exposed to a computer attack. Now the Police Security Service (PST) states that they have concluded the investigation. – We have done what can reasonably be done, and the investigation has not been able to uncover sufficient information about which actors are behind this attack, or which individuals may be involved, says Terje Nedrebø Michelsen in charge of prosecution in PST to news. – The case is therefore dismissed. DELETED TRACE: The case has been difficult to investigate because the hackers have hidden their tracks, says prosecutor Terje Nedrebø Michelsen. Photo: Sunniva Linjord / news It was Kripos that started investigating the data attack, but it was later moved to PST. The case has been challenging to investigate. – The attack is meticulously planned and professionally carried out. There has been a great focus on hiding and erasing one’s tracks along the way, says Michelsen. The data attack against the ministries joins a number of serious IT incidents in recent years aimed at private and public organizations in Norway. The two most famous cases are the data breaches against the Storting in 2020 and 2021. Hacked e-mail system The data attack targeted the data platform of twelve ministries. The hackers got into the e-mail system of the various ministries, and had access to the ICT platform used in the government apparatus for at least two months, from April 2023 to July 2023. – What we have discovered is that ten e-mail accounts have been compromised. Those who were affected are characterized by the fact that they had administrator rights in this system. The investigation has not revealed what this has been used for further, says Michelsen. The hackers have used previously unknown vulnerabilities, also called zero-day vulnerabilities, in an IT system to synchronize e-mails to mobile devices in the data attack. PRESS CONFERENCE: On 24 July, it became known that 12 ministries were exposed to an extensive computer attack. Photo: Terje Bendiksby / NTB – It is a serious security problem, you can collect a lot of information from several sides, and in a bigger picture, that type of information will be essential for those who want to get hold of it, says Michelsen. As a result of the computer attack, the employees in the twelve affected ministries got a new e-mail solution and the old one was shut down. The ministries’ security and service organization (DSS) takes note of the closure, and assures that security has a high priority in DSS. – We follow ongoing advice, recommendations and assessments from national security authorities, says Director of DSS Erik Hope. More about the data attack The data attack targeted the data platform of twelve ministries. The Prime Minister’s office, the Ministry of Defence, the Ministry of Justice and Emergency Preparedness and the Ministry of Foreign Affairs were not affected by the attack. The Ministries’ Security and Service Organization (DSS) set up a crisis team on 12 July and went public about the incident on 24 July. It is public knowledge that three zero-day vulnerabilities in the software of the company Ivanti were used in the data attack. This means that Ivanti and the security community did not know about the security holes until it was discovered that they were being exploited by a malicious actor. DSS has received assistance from the National Security Authority, Mnemonic and Microsoft. Sophisticated state actor The threat actor has previously been described as an advanced and persistent threat actor (APT) by NSM. The description is used for actors who have the resources to commit targeted and sophisticated data attacks, and they often have a connection to other states. – The investigations show that this was probably carried out by a professional cyber actor, probably a state actor since the attack took place in a well-planned and sophisticated manner, says Michelsen. SERIOUS: The prosecutor in PST, Terje Nedrebø Michelsen, sees the computer attack as a serious security problem. Photo: Heiko Junge / NTB What PST has previously communicated through its threat assessments is that it is likely that there are four countries that could be behind this type of advanced attack, and these are China, North Korea, Russia and Iran. According to PST, the attack was carried out in such a way that traces and evidence were deleted along the way. The investigation has therefore not been able to uncover who is behind it. – What can you say about the motive for this data attack? – As no evidence was left along the way, it is difficult to say anything absolutely certain about what the motive was, says Michelsen. – But based on the potential actors that we believe may have been behind the attack, it would be natural to think that a motive is intelligence activities.



ttn-69