- API Penetration Testing

Top 10 Cybersecurity Breaches in Norway

Learn about the state of cybersecurity in Norway and the 10 biggest breaches in this country.
There's no wonder that Norway is one of the few countries in the world that developed a clearly defined cyber security strategy at the national level at the beginning of the 21st century. Introduced in 2003, that document addressed the main digitization challenges, covered the necessary knowledge, and analyzed the risks of technology use in Norwegian society.

However, many changes have happened since the 2000s. For many Norwegian companies, cyberattacks in today's realities aren't something new. They became more frequent, more agile, and way more expensive, yet may hit the business reputation. According to the most recent research by Statista, more than two-thirds (69%) of the Norway residents are concerned or very concerned about the cyberattacks on management systems occurring in Norway within the next five years. Sure, keeping themselves in the loop of the high-profile cybersecurity breaches for many enterprises is no longer an option, but a necessity.

This article will introduce the most infamous cyberattacks in Norway, explaining how they happened, what outcomes they resulted in, and how companies acted after the accident.
#1 300 Oil and Energy Companies Affected in the Largest National Cyberattack
In August 2014, National Security Authority Norway (Nasjonal Sikkerhetsmyndighet – NSM), which is responsible for preventing serious hacking attacks, revealed that nearly 50 companies in the oil sphere were hacked and the security systems of 250 more under the risk of being attacked.

The attack of this kind was the largest of its kind against Norwegian interests to take place. According to the official announcement from NSM, the hack attack was fore-warned by "international contacts". The NSM director believes that many companies are not aware of the amount of sensitive data they risk losing. Moreover, the agency has suspicions as to who is behind the attack but doesn't want to provide such information at the time of the investigation.
#2 Norwegian Health South-East RHF Suffered from a Massive Attack
A Norwegian healthcare provider, Health South-East RHF, started an investigation of the unauthorized access to its internal systems in January 2018, which may have breached the personal data of over half the country's population. The provider delivers healthcare services through 15 health trusts and a network of 19 pharmacies, covering nearly 3 million inhabitants of Norway.

The motives of this attack remain unknown, but as to the report by HelseCERT (Norway's healthcare CERT division), it has been qualified as 'advanced and professional' and is considered to be a targeted attempt to access patient data. This institution was also one of the first to be alarmed about this massive breach of personal information after noticing abnormal activity on the network of Health South-East RHF.

Patient data is a significantly sensitive type of information that is very valuable on the black market and unlike credit card details that can be changed if compromised, sensitive patient data cannot – it is what it is! Moreover, it covers a significant scope of personal data, and that is why companies must take proper measures to secure the information they hold in the data assets.
#3 Cloud Software Provider 'Visma' of Norway Hacked By APT10 Ransom Group
The hacking group APT10, who were believed to be working for the Chinese intelligence agencies, hacked and then stole data from a Norwegian company called Visma. Visma provides online HR, accounting, and also cloud-based business software solutions to more than 900,000 clients from Scandinavia and European countries.

As per the report published by the US cybersecurity firms Recorded Future and Rapid7, the intrusion on Visma's network occurred on August 17, 2018. Frauds breached Visma's internal network by using the stolen valid credentials of a user for the Citrix remote-access software client, used by the company employees. To search and steal the system's data, they installed 2 malware strains - Trochilus remote access Trojan and Uppercut (Anel) backdoor to the internal network.

Visma officially confirmed the breach in February 2019, claiming that their IT security staff has detected the intrusion quickly and that this incident didn't affect any of the clients' systems of Visma. By intruding on the network, AP hackers attempted to gain access to several hundreds of corporations all over the world, though the company claimed the data was prevented from being compromised.
#4 Norwegian Aluminum Producer Suffered from an 'Extensive' Cyber Attack
Norsk Hydro, one of the world's largest aluminum producers, fell victim to a serious cyber attack in March 2019. As per the company's statement, the incident affected IT systems in "most business areas", so right after the discovery, Hydro was switching to manual operations as much as possible.

Reuters reported that after Norsk Hydro's operations across Europe and the US have been affected, the company got a 2.9% drop in the overall share value. Another reputable source has stated that the attack occurred at the time of a new chief executive officer appointment. Moreover, it coincides with the company's efforts to restore production at its Alunorte plant in Brazil, amid claims of environmental damages by emissions of untreated water after flooding.

The environmental damage in Brazil is believed to be the most probable motive, as cyberattacks have been already used to "punish" companies that have angered activist groups or to draw attention to a particular issue or cause. Max Heinemeyer, director of threat hunting at British artificial intelligence (AI)-based cyber security firm Darktrace is certain that in the case of Norsk Hydro, the IT systems affection directly impacts the company's industrial systems. This is believed to be a wake-up call not only to Norsk Hydro but the entire manufacturing industry overall.
#5 Norfund Company Lost NOK 95 Million ($10 Million) as a Result of a BEC Attack
In May 2020, the international community became aware of Norway's state investment fund, Norfund, being suffered from a business email compromise (BEC) attack. Established in 1997, the fund is owned by the Norwegian Ministry of Foreign Affairs and receives its investment capital from the state budget.

Ransomware compromised the Norfund email system and monitored communications between the employees of the fund and their partners for months. To obtain the fund's costs, hackers identified the employee responsible for money transfers and created a Norfund email address on his behalf. Hackers sent corresponding requests with the replaced payment information to the partners to hijack the transfer to an account under their control in a bank in Mexico. To succeed, they manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content, and use of language.

The BEC attack took place on March 16, but its discovery was more than a month later, on April 30. Hackers attempted to delay it with an email to the Cambodian beneficiary, explaining the delay with the existing COVID-19 lockdown in Norway. After the accidental discovery, the company CEO, Tellef Thorleifsson said that they "have taken immediate and serious action to correct this".
#6 Norway's Parliament Reported About Cyber-Attack on Internal Email System
In its press release on September 1, 2020, the supreme legislature of Norway, Stortinget, confirmed that it fell victim to a cyberattack that targeted its internal email system. According to the official announcements, ransomware gained access and downloaded content for "a small number of parliamentary representatives and employees."

The investigation has shown that the hackers breached email accounts of elected representatives and employees alike, from where they stole various amounts of information. Norway's intelligence agency immediately initiated the investigation, which they stated on their Twitter account at the time when the official information about the breach was reported.

After it was discovered, Stortinget started notifying impacted representatives and employees about what happened, yet providing the key information on what to do next.

Local press, who first posted the story about the attacks, also reported that the parliament's IT staff has shut down its email service to prevent the hackers from stealing more data.
#7 Norwegian Cruise Line Suffered Data Breach: Over 27,000 Travel Agents Has Been Affected
In March 2020, the world's third-largest cruise line, Norwegian Cruise Line (NCL), suffered a massive data breach. According to the information from British security firm DynaRisk, the cyberattack hit nearly 27,000 travel agents, whose email addresses and passwords have been exposed as a result.

The breached database from the NCL travel agents' portal leaked on a hacking forum on 13 March, after which DynaRisk representatives verified the authenticity of the data records exposed and contacted the company concerning this issue.
#8 Hurtigruten Cruise Company Disclosed a Cyberattack That Affected the World's Digital Infrastructure
The entire worldwide digital infrastructure of the Norwegian cruise company Hurtigruten fell victim to the massive cyberattack as of December 2020. Being targeted by ransomware, this hack infected all the company's internal systems. So, clients, who entered their website at the time of the attack and for a while after it occurred, saw the following message: "Sorry, the website isn't working right now".

After the breach was discovered, the company immediately notified local authorities, but it's still uncertain whether any data was copied. It's worth saying that the attack took place during the hardest time for the company when the entire cruise liner industry must stop the operations imposed due to the COVID-19 pandemic.
#9 Massive Cyberattack Cost AKVA Group Nearly NOK 50 Million ($6 Million)
In January 2021, Norway-based AKVA Group ASA reported a serious cyberattack that cost the company NOK 49.7 million (EUR 5 million, USD 6 million) in losses in the first quarter of 2021. According to the official statement, the attack took place on Sunday, 10 January, resulting in several key systems being down in the aftermath. It is believed that the attackers were looking to extract a ransom from the company, but the company itself declined to comment on whether the losses it reported in its Q1 financial statement resulted from paying a ransom.

After the accident was revealed, AKVA claimed that it was working with Norwegian authorities and partners to map out an overview of the causes of the attack, its nature, and possible damages. Additionally, when presenting the Q1 2021 financial statement, the aquaculture technology and services provider reassured investors that it does not expect to realize any further losses related to the cyberattack outside of the Q1.

Despite AKVA falling victim to a cyber extortion attack, the organization's "long-term fundamentals remain unchanged" and it remains confident of reaching its targets.
#10 Media Company Amedia Exposed to a Massive Data Breach
A serious data breach occurred in Amedia, a leading Norwegian media company, in December 2021. In their news release, the company revealed that several of Amedia's central computer systems were shut down because of a ransomware attack on the night of December 28. Because of that, the production of paper newspapers was stopped the next day, so readers could only access the online versions.

Per the release, the attack is limited to the systems managed by Amedia's central IT company, affecting the systems of publishing paper newspapers, advertisements, and subscription management.
As you can see, the cyberattacks in Norway become more agile nowadays, getting down the security systems of even the most protected companies. While it's impossible to predict the time and cause of the breach, preparing the system for diverse cyber raids is still worth it.

We hope that this article has shed the light on the security state of Norwegian business enterprises and helped you to implement the advanced improvements in the digital security of your organization. Team