Norwegian law enforcement have blamed Russian superior persistent menace (APT) team Extravagant Bear for the summer cyber-attack on Norway’s single-chamber parliament, the Storting.
In what was described as “a significant attack” by the parliament’s director, Marianne Andreassen, unauthorized individuals managed to get access to the email accounts of numerous elected members of parliament and to some accounts belonging to parliament workforce on August 24.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
On September 1, the Storting verified that a minimal selection of accounts experienced been compromised and that different amounts of details experienced been downloaded by the attackers. Some of the compromised accounts belonged to members of Norway’s primary opposition party, the Labour Party.
Two months later, Norway’s international minister, Ine Eriksen Soereide, laid the blame for the attack squarely at Russia’s door.
Speaking on October 13, Soereide said: “This is a critical occasion that strike our most critical democratic institution. Centered on the info accessible to the govt, it is our assessment that Russia stood driving this activity.”
The attack was documented to Norway’s Law enforcement Security Assistance (PST) by the Storting on September 1, which subsequently introduced an investigation.
On December 8, the PST announced that a brute-drive attack had been executed to break into user accounts of the Storting’s email process and that “sensitive material has been extracted from some of the impacted email accounts.”
Investigators identified that the actor experimented with to “move further into the Storting’s computer system techniques” but was not productive.
Police concluded that the strike on the Storting was aspect of a bigger marketing campaign nationally and internationally that has been going on considering that at least 2019.
“The analyses display that it is probable that the operation was carried out by the cyber actor referred to in open sources as APT28 and Fancy Bear,” said the PST.
“This actor is linked to Russia’s military intelligence services GRU, extra particularly their 85th Unique Expert services Center (GTsSS).”
The PST said that the attack confirmed that insecure passwords utilized for private and company email accounts expose both men and women and the Storting as a parliamentary institution and that two-factor authentication and settings could avert similar attacks from taking place.
Some areas of this article are sourced from:
www.infosecurity-magazine.com