Zero-Day In Third-Party Software Reason for the Hack, Says Security Agency Head
Unknown hackers attacked a dozen Norwegian government ministries through a zero day vulnerability present in a shared digital platform, the Oslo government disclosed Monday.
Government officials said personnel spotted the attack after detecting unusual traffic on the platform used by the government excepting key agencies. The prime minister’s office and the ministries of defense, justice and foreign affairs were unaffected by the hack.
The previously unknown vulnerability lay in third party software, said Erik Hope, director of the Government Security and Service Organization during a press conference. Authorities still don’t know the scale of the attack nor who might be behind it, he added.
Safety measures put in place following its discovery mean that civil servants of affected agencies are unable to access smartphone services including email. Government services are uninterrupted, said Local Government and District Minister Sigbjørn Gjelsvik.
Norway has become European’s largest gas supplier following a shift away from Russian exports sparked by Moscow’s 2022 invasion of Ukraine. A February unclassified threat assessment from Norwegian intelligence agencies said the country’s role as an energy supplier to Europe “has assumed ever greater security policy importance” and warned that Russia would likely step up espionage efforts.