The head of Norway’s National Security Authority (NSM), Sofie Nystrøm, issued a grave warning as the country grappled with a significant cybersecurity threat. Hackers successfully exploited two recently disclosed vulnerabilities in Cisco systems, compromising what Nystrøm described as “important businesses” in the nation.
While Nystrøm did not reveal the identities of the affected companies, she emphasized the severity of the situation and the need for a coordinated national response to address the zero-day vulnerabilities impacting Cisco IOS XE.
The attack was characterized as “very serious,” surpassing a previous incident that targeted DSS, Norway’s government support agency, resulting in hackers gaining access to sensitive data from several government ministries. Cisco had recently published security advisories, indicating that attackers were actively exploiting vulnerabilities (CVE-2023-20198 and CVE-2023-20273) with the former receiving a maximum Common Vulnerability Scoring System (CVSS) score of 10/10. Cisco provided an initial patch to address the issue, but by that time, numerous systems had already been compromised, with security experts uncovering potentially up to 40,000 compromised devices online.
The attackers adapted their tactics to evade detection, prompting a decline in the count of externally observable compromised systems. Despite the implant’s inability to persist after a device reboot, they created new local user accounts with administrator privileges, further underscoring the malicious intent behind the attack.
Deputy Director Gullik Gundersen noted the long-standing awareness of the vulnerability and its critical rating, emphasizing that attackers could gain complete control over the compromised systems. In response, businesses using Cisco IOS XE were urged to update their systems promptly, as NSM continued its efforts to identify and address affected entities amid the ongoing incident.