The Norwegian government’s ICT platform, utilized by twelve ministries, faced a cyberattack caused by exploiting a zero-day vulnerability in third-party software. The attack prompted investigations by the Norwegian Security and Service Organization (DSS), engaging the National Security Authority (NSM) and the police. The Norwegian Data Protection Authority was also notified, raising concerns about potential data breaches and sensitive information exposure.
Furthermore, despite the gravity of the incident and the platform’s critical role in government operations, the authorities reassure that work activities continue as usual.
Additionally, DSS took immediate action, implementing security measures to safeguard information on the affected ICT platform. A crisis team was set up to lead the investigation, collaborating with NSM and other security experts.
At the same time, DSS’s director general, Erik Hope, confirmed that the cyberattack exploited a zero-day vulnerability in a government-used application. While the flaw has been fixed, additional security measures were enacted, such as restricting remote access via mobile devices for ministry employees.
However, details regarding the vulnerable software remain undisclosed, raising concerns about the potential impact on organizations in other countries.
As the investigation is ongoing, attributing the attack to specific hackers or estimating its full scope is premature. The government relies on the ongoing police investigation to shed light on the matter and determine the extent of the breach, emphasizing the significance of addressing this cyber threat to ensure future security.
