Norwegian Ministries Hacked: Zero-Day Alert!
July 26th, 2023 - Written By CyberLabs
Twelve Norwegian ministries fell victim to a cyberattack by threat actors who exploited a zero-day vulnerability in third-party software. The targeted Information and Communication Technology (ICT) platform, used by these ministries, suffered a significant breach that has raised alarms within the Norwegian government. While investigations are ongoing, authorities are still grappling with the implications of this attack, and the potential extent of the data breach remains uncertain.
The Aftermath and Ongoing Investigation
The cyberattack came to light when the Norwegian Security and Service Organization (DSS) discovered a previously unknown vulnerability in the software of one of their suppliers. This flaw, known as a zero-day vulnerability, had been exploited by an unidentified actor or group of actors. The DSS promptly closed the vulnerability, but the damage was already done.
The moment the cyberattack was detected, the DSS informed the National Security Authority (NSM) and engaged the police to investigate the incident. The investigation is still in progress, and details about the perpetrators and the full scope of the attack are yet to be disclosed.
Erik Hope, director of the Departments’ Security and Service Organization (DSS), stated, “Our investigations and the police’s investigation will be able to provide more answers.” The seriousness of the situation prompted the DSS to notify the Norwegian Data Protection Authority, indicating that there is a possibility that sensitive data from the ICT platform may have been compromised.
Response and Mitigation
As a precautionary measure, the DSS implemented several security measures in response to the cyberattack. While employees in the affected ministries no longer have access to DSS’s common mobile services, they can continue their work on office computers or from home. The DSS is closely monitoring systems and has promised to introduce further security measures as needed.
The zero-day flaw exploited by the hackers has since been patched, minimizing the risk of future attacks using the same vulnerability. The Norwegian National Security Authority (NSM) confirmed that the attackers targeted Ivanti’s Endpoint Manager Mobile (EPMM) solution, which led to the breach of the software platform used by the twelve ministries.
Wider Implications and Safeguards
Given the severity of the attack, the Norwegian National Cyber Security Center (NCSC) took swift action to protect other potential targets. They notified all known MobileIron Core customers in Norway about a critical security update designed to address the actively exploited zero-day bug (CVE-2023-35078). The NCSC urged system owners to implement these security updates immediately to safeguard against incoming attacks.
Source
- https://www.bleepingcomputer.com/news/security/norway-says-ivanti-zero-day-was-used-to-hack-govt-it-systems/#google_vignette
- https://nsm.no/aktuelt/nulldagssarbarhet-i-ivanti-endpoint-manager-mobileiron-core
Recently,
