A cyber attack has hit twelve Norwegian government ministries, Norway’s Ministry of Local Government and Regional Development said in a statement on Monday. It is unknown if the email accounts of Prime Minister Erna Solberg or other cabinet members were among those affected. The ministry said it has been working closely with parliament and national security officials to assess the situation and put measures in place to prevent a repeat of the incident.
“The investigation has revealed that the threat actor managed to gain administrator rights that gave access to centralized IT systems used in state administration offices,” the statement reads. The ministry added that it has no evidence that the hackers exfiltrated security-graded information. It is too early to say who is behind the attack and what impact it may have had, said Ministry of Local Government and Regional Development Director Sigbjorn Gjelsvik.
The ministry is responsible for housing policy, planning, and building law, public administration IT and policy, local government finances, rural and regional development, Sami and minority affairs, conduct of elections, and the state’s mapping and geodata policies. The ministry also works closely with the government’s High North and Arctic Secretariat, based at the same office in the central city of Oslo.
It is not the first time cyber attackers have targeted the ministry. In 2021, it was hacked by an unknown group that gained access to its online services. The BBC reported that the attack came just weeks after a separate hack against the Norwegian petroleum industry’s computer systems exposed the personal data of more than two million people, affecting their banking and credit cards.
Norway’s national security agency blamed the attack on bad actors sponsored by and operating from China. However, it has been unable to confirm whether that same group was responsible for the more severe hack on its state administration centers in 2018.
While the government has strengthened cybersecurity across the country’s network, experts say it is challenging to stop malicious actors from exploiting vulnerabilities. A new study from the consultancy Recorded Future finds that cyber attacks on critical infrastructure, such as energy companies, are increasing globally and that these organizations’ cybersecurity capabilities are lagging behind those of their peers. The researchers found that the average organization in the petroleum sector had a security budget of just $21 million, well below the $44 billion spent by companies considered to be best protected.
This is even though a law passed in 2019 places new obligations on those responsible for protecting critical infrastructure from threats emanating abroad. The report’s authors call for the industry to spend more on cybersecurity. Alexander Martin is the UK Editor of Recorded Future News and a European Cyber Conflict Research Initiative fellow. He has a background in journalism, writing for newspapers and magazines, including Sky News. He is an expert in cyber conflict and international relations, focusing on how foreign power tries to influence domestic politics and society.