Norway’s Storting suffers second major cyber incident in a year
Cyber criminals have once again successfully infiltrated the Storting’s (Norwegian parliament) IT systems. This is the second successful attack in the last six months.
In this latest cyberattack, hackers were able to breach systems and exfiltrate data from the Storting’s (Norwegian: Stortinget) Microsoft Exchange Server.
“The threat picture is changing rapidly and is increasingly demanding. Such an attack also shows that our democratic processes can be affected,” said Storting president Tone Wilhelmsen Trøen to Norwegian government-owned radio and television public broadcaster NRK, according to a report in The Local no.
It was reported that the attackers exploited a vulnerability in Microsoft Exchange.
Earlier this month, the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a bulletin about Microsoft Exchange Server vulnerabilities.
CISA bulletin Alert (AA21-062A) states that, “Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system.”
The vulnerabilities affect on-premises Microsoft Exchange Servers, but not Exchange Online or Microsoft 365 cloud email services.
Microsoft has patched four Exchange vulnerabilities:
- CVE-2021-26855 allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server.
- CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 all allow for remote code execution.
Previous Storting Data Breaches
Last year Norwegian investigators announced cybercriminals had successfully attacked the Storting in August. An investigation showed the Russian hackers used a simple brute force password attack to compromise Storting email accounts. The campaign was the work of a Russian Advanced Persistent Threat (APT) group APT28.
Russia denies all involvement.
APT28, an organized group of nation-state-sponsored threat actors, is also known as Fancy Bear, Sofacy, Sednit, and STRONTIUM.
The attackers are linked to Russia’s GRU military intelligence agency.
The attackers used a brute force password attack, which is a simple yet highly effective tactic. In a brute force password attack, cybercriminals simply guess at passwords, but in high volumes with the help of automation. They often use dictionaries of commonly used passwords to speed up the attack and improve their odds.
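High-volume guessing leaves a recognizable trace in login logs: many failures for one account from one source in a short time. The following is an added example, not part of the original article, showing how a defender can flag that pattern; the log format, the threshold and the time window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: timestamp, source IP, account, result)
SAMPLE_LOG = """\
2021-03-10T08:00:01 203.0.113.7 alice FAIL
2021-03-10T08:00:03 203.0.113.7 alice FAIL
2021-03-10T08:00:05 203.0.113.7 alice FAIL
2021-03-10T08:00:07 203.0.113.7 alice FAIL
2021-03-10T08:00:09 203.0.113.7 alice FAIL
2021-03-10T08:00:11 203.0.113.7 alice FAIL
2021-03-10T08:00:13 203.0.113.7 alice OK
2021-03-10T08:01:00 198.51.100.4 bob FAIL
2021-03-10T08:01:20 198.51.100.4 bob FAIL
2021-03-10T08:01:40 198.51.100.4 bob OK
2021-03-10T08:00:00 192.0.2.9 carol FAIL
2021-03-10T08:05:00 192.0.2.9 carol FAIL
2021-03-10T08:10:00 192.0.2.9 carol FAIL
2021-03-10T08:15:00 192.0.2.9 carol FAIL
2021-03-10T08:20:00 192.0.2.9 carol FAIL
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (source, account) pairs with >= threshold failures inside `window`.

    Each alert also records whether a successful login followed the burst,
    which is the case that needs an immediate password reset and review.
    """
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        ts = datetime.fromisoformat(parts[0])
        key, result = (parts[1], parts[2]), parts[3]
        if result == "FAIL":
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if key in alerts:
                alerts[key]["failures"] += 1
            elif len(q) >= threshold:
                alerts[key] = {"first_alert": ts, "failures": len(q),
                               "success_after": False}
        elif result == "OK" and key in alerts:
            alerts[key]["success_after"] = True  # guessing likely succeeded
    return alerts
```

With the default settings only the rapid burst against `alice` is flagged; the two mistyped passwords for `bob` and the slow failures for `carol` are not.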
It is important to use unique and hard-to-guess passwords for every online account that you have. If you cannot remember a new password for each account, then try using a password manager to help you create and store complex passwords.
People often use the same password, or close variations, over and over again, making it easy for hackers to compromise multiple accounts. When a cybercriminal hacks their way into your airline loyalty account, they may be able to use the same email and password to get into your bank or payment card.
Password managers help secure online accounts. They can be used to sync login credentials across all of your electronic devices.