Norwegian PST Accuses Russian Hacking Group APT28 of Attack on Parliament

The Norwegian Parliament (Stortinget) suffered a cyberattack on August 24, giving hackers access to parliamentarians and parliamentary employees’ emails. The attackers’ identity was not revealed at the time, but Foreign Minister Ine Eriksen Soreide was quick to hold Russia responsible.

And on December 8, Norway’s Police Security Service (PST) verified her claims, announcing the investigation’s findings in a press release. The PST accused Russian-backed APT28 of carrying out the cyberattack, although there wasn’t enough evidence to indict or press charges against its members for damages to the country’s national interests.

APT28, also known as Fancy Bear and STRONTIUM, is a Russian hacking group with alleged ties to Russia’s GRU military intelligence agency. Several western governments, corporations, and think tanks have previously accused it of launching attacks against their security systems and networks.

In fact, the cybercrime gang gained worldwide recognition after interfering with the 2016 US presidential elections and hacking the German Parliament (Bundestag) in 2015. It was also accused of targeting Donald Trump’s and Joe Biden’s campaigns this year. 

Weak Passwords, No 2FA

In its report, PST said after threat actors infiltrated Stortinget email accounts, they tried to force their way to the Parliament’s internal networks but failed. And according to the investigators, Stortinget members and employees must take their share of the blame for creating weak passwords and failing to enable two-factor authentication (2FA).

Meanwhile, the Police Security Service couldn’t share additional details due to the sensitive nature of the cyberattack. Officials stated, though, that the incident is part of a more extensive Fancy Bear campaign to target several entities both inside and outside Norway. 

In a recent report, Microsoft said that as of September 2019, APT28 shifted its tactics towards large-scale brute-force and credential-harvesting attacks. They also started raiding Office365 accounts to put their hands on email accounts of over 200 government and private organizations.

When going online, using a VPN hides your digital footprint, thanks to data encryption, a no-logs policy, and traffic redirecting. These tools also change your IP address so that government agencies, ISPs, and hackers can’t track your location.

Ralph Peterson

Ralph was bitten by the tech bug from an early age. Today, he is an expert cybersecurity geek with 13+ years of online privacy and streaming experience under his belt. Spoiler alert: He hates bottled TV show endings (Game of Thrones) and whenever his favorite teams lose.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button