The Storting exposed to a new cyber attack:

– The Storting has again suffered a serious cyber attack. We do not know the extent, but we do know that data has been extracted. The attack is related to exploits on Microsoft Exchange, says Storting President Tone Wilhelmsen Trøen (H) at a press conference Wednesday afternoon.

– What we have been exposed to has affected many. We know that the threat image is constantly evolving. We were attacked this fall and we are being attacked again. This is bigger and more advanced than last year.

– The attack could disrupt parliamentary systems and is an attack on democracy, he continues.

The Storting claims that they have reported the case and that further investigation has been left to the police.

The Storting does not yet know the full scope of the attack. Various measures have been implemented in the systems and analysis work is ongoing. The Storting has received confirmation that data has been extracted, but does not yet know who is behind the attack.

– It couldn’t be helped

According to the director of the Storting, Marianne Andreassen, the attack could not be prevented.

– Microsoft came out on March 2 and prescribed the attack. On March 3, the information became available. On Friday March 5, the Storting received a warning from the National Security Authority against our systems. The national security authority came out the same day and said that Microsoft contains vulnerabilities that are exploited in Norway, Andreassen says.

On Monday, March 8, the Storting received verification that the data had been extracted. However, it took a day for representatives and employees to be notified to change their passwords.

– What is the reason why it did not happen already on Tuesday?

– There has been a race against time to gain control of the situation and take the necessary measures that have good effects, and this was the moment when it seemed appropriate to use this measure together with other security measures that have been carried out in our systems Andreassen tells VG.

– Are you sure that the measure has not come too late?

– Not all answers are in place. We have worked as quickly as possible and with all the available resources that we have been able to mobilize to take control of the situation.

He states that the Storting cannot go into details about what measures have been implemented, but says that “a password change was implemented for everyone.”

– We are still in an analysis phase, and we cannot rule out new measures that may affect representatives and employees, the Storting could not prevent this attack, he says.

– How could you not find out?

“We all live with the uncertainty that we will never be able to offer 100 percent guarantees in a digital world,” the Storting Trøen president tells VG.

They think they can work in the systems again.

– Is there data that could put pressure on people who have recovered? Can you elaborate?

– It is part of the analysis phase, about which we cannot say anything now. We cannot rule it out, says the director of the Storting Andreassen.

When asked how the attack could disrupt parliamentary processes, she says:

– It is quite obvious that an attack on the Storting and a break-in of our computer systems would affect parliamentary systems. It is an attack on the main democratic and parliamentary activities. If one can no longer work on our systems, it would interfere with the way we are supposed to do our work.

“We are confident that we can now work on our systems,” adds Andreassen.

– The data has been recovered

A press release sent out by the Storting earlier on Wednesday claims that the TI attack is part of an international problem.

The vulnerability exploited in this case is the so-called “zero-day vulnerability”. This means a vulnerability that the vendor was unaware of, but that threat actors can detect and exploit.

The National Security Authority (NSM) warned before the weekend that vulnerabilities in Microsoft Exchange are being actively exploited by advanced and non-advanced threat actors.

The National Security Authority informs E24 on Wednesday that they have scanned all of Norway and identified 1,500 servers that may be affected by the vulnerabilities.

– A quarter of these have not installed the updates, says Trond Øvstedal, information manager at NSM.

Øvstedal says they cannot answer whether the Storting could have prevented the attack.

But despite installing the updates, the damage may have already occurred, according to NSM.

– Everyone with Microsoft Exchange servers should go back to the logs and see if they have been attacked before the installations.

Sent an email on Tuesday

The vulnerabilities were identified and reported on March 2, but all companies that had not taken advantage of the post update by the end of March 3 should assume they are under attack, authorities warned.

The parties in the Storting received a report on Friday, March 5, that the Storting had begun investigating the holes in the Microsoft Exchange.

On Tuesday this week, an email was sent about two-factor authentication and on Wednesday, the Storting sent out a press release and email about the IT attack, based on emails VG has had access to. .

In this press release, the Storting writes that they were unable to prevent the attack and that at present it is not possible to see any connection between this attack and the IT attack that the Storting was exposed to. Fall 2020.

On September 1, news broke that several Storting members and employees had been exposed to theft on their email accounts. The victims sat on various committees and several were able to access sensitive information.

– Change Password

An email to Storting representatives states that the full scope of the attack is not yet known and that a number of measures have been implemented. Analysis work is in progress.

– All representatives and employees will now be notified to change their password. Along with many other security measures, this is important now, it is stated in the email describing the situation as “not resolved”.

It is not excluded that new measures may arise.