Erik Hope, director of the Norwegian government agency, revealed that the attack exploited a flaw in third-party software, without providing details about the software in question or the impact of it.
However, the director claims that the flaw is being actively exploited for attacks, whose origin is still unknown. The investigation is still ongoing, and it is too early to provide details on the impact of attacks on infrastructure.
However, despite the confirmation of the attack, the Government of Norway and its services appear to be operational. This includes the various sectors that were affected by the attack as they use dedicated platforms for their day to day operations.
“A previously unknown vulnerability has been detected in software from one of our vendors,” said Erik Hope, director of the Norwegian government agency responsible for computer security.
“This vulnerability is being exploited by an unknown actor (…). It is too early to say who is responsible (for the attack) and to determine the scale of the action”, said the official in a press conference, quoted by international agencies.
The functioning of the Government of Norway was not affected, namely the prime minister's office and the Ministries of Defence, Foreign Affairs and Justice, as these structures have their own digital platforms.
According to Erik Hope, the vulnerability has been fixed, but employees of the 12 affected ministries still cannot access their work email on their mobile phones or tablets.
It should be remembered that this is not the first time that Norway has been the target of computer attacks. In 2020 and 2021, a group known as “Fancy Bear” will have carried out attacks against various institutions in the country. This group has links with Russian intelligence services.
