A recent cyber attack struck a significant blow to the Norwegian government, affecting a total of 12 government ministries. In response to this alarming situation, a crisis staff was promptly assembled. The government minister in charge of handling the response acknowledged the severity of the attack, deeming it “extremely serious.” However, it was emphasized that despite the challenges posed by the attack, the government’s day-to-day operations continue to function “as normal.”
“We identified a weakness in the platform of one of our suppliers. That weakness has now been shut,” Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference.
The Norwegian National Security Authority (NSM) has officially verified that a group of attackers exploited a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution to successfully infiltrate a software platform utilized by 12 ministries within the country.
In a recent statement, the Norwegian Security and Service Organization (DSS) clarified that the cyberattack, which occurred on Monday, had no impact on critical institutions such as Norway’s Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs.
We reached out to several cybersecurity experts to get their thoughts on the news.
Erich Kron, security awareness advocate at KnowBe4:
“The impact that supply chain can have on an organisation continues to be demonstrated through attacks such as this one. The fact that this was caught by identifying unusual traffic on the supplier’s platform reiterates the importance of monitoring traffic as opposed to simply relying on the other party for security or to monitor for unusual traffic themselves. Using outside vendors is almost a certainty in our modern, globally con ..
Support the originator by clicking the read the rest link below.
