Norwegian PST Accuses Russian Hacking Group APT28 of Attack on Parliament
The Norwegian Parliament (Stortinget) suffered a cyberattack on August 24, giving hackers access to parliamentarians and parliamentary employees’ emails. The attackers’ identity was not revealed at the time, but Foreign Minister Ine Eriksen Soreide was quick to hold Russia responsible.
And on December 8, Norway’s Police Security Service (PST) verified her claims, announcing the investigation’s findings in a press release. The PST accused Russian-backed APT28 of carrying out the cyberattack, although there wasn’t enough evidence to indict or press charges against its members for damages to the country’s national interests.
APT28, also known as Fancy Bear and STRONTIUM, is a Russian hacking group with alleged ties to Russia’s GRU military intelligence agency. Several western governments, corporations, and think tanks have previously accused it of launching attacks against their security systems and networks.
In fact, the cybercrime gang gained worldwide recognition after interfering with the 2016 US presidential elections and hacking the German Parliament (Bundestag) in 2015. It was also accused of targeting Donald Trump’s and Joe Biden’s campaigns this year.
Weak Passwords, No 2FA
In its report, PST said after threat actors infiltrated Stortinget email accounts, they tried to force their way to the Parliament’s internal networks but failed. And according to the investigators, Stortinget members and employees must take their share of the blame for creating weak passwords and failing to enable two-factor authentication (2FA).
Meanwhile, the Police Security Service couldn’t share additional details due to the sensitive nature of the cyberattack. Officials stated, though, that the incident is part of a more extensive Fancy Bear campaign to target several entities both inside and outside Norway.
In a recent report, Microsoft said that as of September 2019, APT28 shifted its tactics towards large-scale brute-force and credential-harvesting attacks. They also started raiding Office365 accounts to put their hands on email accounts of over 200 government and private organizations.
When going online, using a VPN hides your digital footprint, thanks to data encryption, a no-logs policy, and traffic redirecting. These tools also change your IP address so that government agencies, ISPs, and hackers can’t track your location.