“Persistent Threat Actors”: Norway Government Ministries Suffered 4 Month Long Cyberattack

Norway’s government ministries have fallen victim to a cyberattack that lasted “at least four months”, according to a Bloomberg article that broke early Wednesday morning. The attack was carried out via a vulnerability linked to mobile device management, the report says. 

Norwegian and US cybersecurity agencies confirmed that the vulnerability affecting Ivanti Endpoint Manager Mobile “allowed advanced persistent threat actors…to gather information from several Norwegian organizations, and gain access to and compromise a Norwegian government agency’s network from at least April”.

A joint cybersecurity advisory was issued on August 1 and can be read in full here. 

The US Cybersecurity and Infrastructure Security Agency and Norway’s National Cyber Security Centre said: “Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices.”

Ivanti has released patches for the vulnerabilities already, on July 23 and July 28, Bloomberg reported. 

The news comes just weeks after it was reported that Chinese hackers had accessed the email of a U.S. ambassador and had compromised “hundreds of thousands” of U.S. government emails. 

We noted, citing the Wall Street Journal in late July that hackers “linked to Beijing” accessed the email account of the U.S. ambassador to China, Nicholas Burns, in an attack that reportedly has “compromised at least hundreds of thousands of individual U.S. government emails.”

Daniel Kritenbrink, the US assistant secretary of state for East Asia, was also hacked in the cyber-espionage attack. While it remains unconfirmed, the two diplomats are believed to be the two most senior officials at the State Department targeted in the alleged spying campaign disclosed last week.

Unlike previous so-called “Russian hacking” campaigns which dominated the news between 2016 and 2022 and which were fabricated by the FBI to cover up the FBI’s own criminal activity, and where everything about the perps was known instantaneously, the “contours” of the Chinese hacking campaign aren’t fully known.

According to the Journal, while the infiltration was limited to unclassified emails, “the inboxes of Burns and Kritenbrink could have allowed the hackers to glean insights into U.S. planning for a recent string of visits to China by senior Biden administration officials, as well as internal conversations about U.S. policies toward its rival amid a period of delicate diplomacy that has been challenged repeatedly in recent months.”