Twelve Norwegian ministries were hacked using a zero-day vulnerability

Pierluigi Paganini July 25, 2023

Threat actors exploited a zero-day flaw in third-party software in attacks against the ICT platform used by 12 Norwegian ministries.

The ICT platform used by twelve ministries of the Norwegian government was hacked, and threat actors have exploited a zero-day vulnerability in an unnamed third-party software.

Local authorities launched an investigation into the attack that was reported by the Norwegian Security and Service Organization (DSS) to the National Security Authority (NSM).

The DSS has set up a crisis team to investigate the incident with the NSM and other security agencies.

Norwegian ministries

“We have uncovered a previously unknown vulnerability in the software of one of our suppliers. This vulnerability has been exploited by an unknown actor. We have now closed this vulnerability. It is too early to say anything about who is behind it and the scale of the attack.” reads the statement published by DSS. “Our investigations and the police’s investigation will be able to provide more answers” says Erik Hope, director of the Departments’ Security and Service Organization (DSS).”

The Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs were not impacted by the attack because don’t use the platform.

The DSS also notified the Norwegian Data Protection Authority, a circumstance that suggests that threat actors may have stolen data from the ICT platform used by the Norwegian government.

In response to the incident, the DSS adopted several security measures; employees in the impacted ministries do not have access to DSS’s common mobile services, however, they can still work as normal on their computers in the office or at home.

“We monitor the systems continuously, and we introduce further measures if necessary. For the sake of the investigation, we cannot go out with more information at this time”, continues Hope.

The zero-day flaw exploited by the attackers has now been fixed.

At this time the Norwegian government has yet to attribute the attack to any threat actors.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Norwegian ministries)



you might also like

leave a comment