Threat Watch

Norwegian Parliament Breached

The Norwegian Parliament (Storting) has confirmed a breach that has affected some email accounts. The amount and type of data has yet to be specified. No clear motive or intent has been discussed and it is likely that nothing will be publicly announced until the investigation being conducted by the Norwegian National Security Authority (NSM) and NorCERT has concluded. Both the Labor Party and Central Party members were targeted and affected by the breach.  

ANALYST NOTES

Attackers often target email accounts because the messages and attachments can contain extremely sensitive information that can be used as leverage to extort the victim, or can be sold to people with criminal intent to misuse the private information for personal financial gain—for example, insider trading. While legislators and other government officials are often targeted, the email messages from global corporations are also highly sought-after by data thieves for the valuable information that they contain. All organizations that use email should protect access through strong password requirements and strictly enforced multi-factor authentication. If using cloud service providers such as Office 365, IT administrators must ensure that “legacy authentication” has been completely disabled to prevent attackers from bypassing the multi-factor authentication requirements.

Source: https://www.bleepingcomputer.com/news/security/hackers-breached-norwegian-parliament-emails-to-steal-data/