[ad_1]
Hanne Blomberg, head of counterintelligence at PST, says that several different Norwegian companies, both in the public and private sectors, have tried to be affected by the same attack that the Storting was exposed to.
– A handful have also been compromised, Blomberg tells VG.
Among them is the Storting, where PST has revealed that the attackers managed to extract sensitive content from various email accounts.
Exactly how many people were attacked or how many of the data breaches were successful, he does not want to comment. He also does not want to go into detail about which companies are in question.
– What we can say is that in many ways they reflect the image of threat against Norway. They show a breadth of businesses from different sectors.
However, she confirms that some of the companies have what she describes as “national importance,” but explains that it is difficult to say specifically what the attackers have been looking for other than being included in what is known to be of interest to foreigners. , including Russians. , intelligence.
also read
PST Believes Russian Military Hackers Behind The Storting Attack
– This is because the method used in many ways is an opportunistic method. It’s also because companies are so different, says Blomberg.
The method used is the so-called “password force” to obtain valid user names and passwords.
“Fantasy bear”
On Tuesday, the Police Security Service (PST) said in a press release that they believe a group of Russian military hackers, known by names like “APT28” and “Fancy Bear”, were behind the data breach. reported by the police against the Storting earlier this year.
However, not enough information has been disclosed that an accusation is issued for violation of article 121 of the Penal Code, which deals with intelligence activities against state secrets.
This is what the director of the Storting said when the attack became known:
Blomberg explains that when it comes to the attack on the Storting, the operation may have had different purposes. It can be about extracting personal information, it can be an operation in which you first access the information before publishing it later, as you saw the Russians did with the Democratic Party during the 2016 election campaign, or it could be something like that. as simple as knowing Norwegian decision-making processes.
– But with such an opportunistic method, it may also be that you adapt the goal along the way, as you see where the opportunities lie, says Blomberg, who emphasizes that these are just speculations based on the procedure used.
also read
IT experts on the Storting attack: it looks sophisticated
– Relatively safe
In any case, it is precisely the method that makes the PST believe that the hacking group associated with the Russian military intelligence is behind it. They are known for using these methods, as they did in the aforementioned attack on the Democrats in the United States.
In the press release, PST writes that it is “likely” that it is precisely the group known by names like “APT28” and “Fancy Bear” that is behind the attacks. Blomberg puts it this way:
– When we come out with such a clear press release, we are relatively sure that it is them.
The group has also previously conducted operations against various targets in Norway, says the head of counterintelligence.
– In that sense, this is not something new, but part of the current threat is the image that Norwegian companies must deal with, he explains.
No new reactions
The government shares the PST’s view that Russia is most likely behind the attacks. They said it publicly several weeks ago. Foreign Minister Ine Eriksen Søreide (H) described it as “a serious incident affecting our most important democratic institution.”
Søreide told VG today that “it was a strong and unequivocal signal from the Norwegian authorities that we are addressing the matter in public.” Beyond that, he now doesn’t want to comment on the case.
– I am referring to the PST that is responsible for the investigation of this case. The government has given its assessment before when we attribute the attack to Russia. The Russian embassy was then summoned to the Foreign Ministry on the case, he says.
Should better ensure
As one of the most completely digitized countries in the world, Norway is not only efficient, but also very vulnerable to the network operations seen here. PST believes that Norwegian companies must comply with this.
– In general, our impression is that Norwegian companies have a way to go to secure their digital values in a better way than today. There are fairly simple security mechanisms that may be enough to guard against brutal enforcement, such as two-factor authorization, explains Hanne Blomberg.
There are many reasons to believe that these attacks will continue.
– Yes, it is fully in line with our threat assessments in recent years and with what we will say in our assessment in 2021.