Norway Parliament, Storting, Hit by a Microsoft Exchange Cyber Attack


Yet again for the second time in about six months, Norway's parliament has been hacked. Government officials acknowledged the infiltration of information networks and the extraction of data of the Norwegian Parliament by the attackers. Officials said on Wednesday 10th of March that just six months after a previous cyber-attack, Hackers infiltrated and harvested data from the Norwegian Parliament computing devices.

Officials also said that attackers who seemed to exploit the program, used to handle MPs' emails, had stolen an undisclosed amount of data. The intrusion is thought to have been part of a global attack on the commonly used e-mail system, Microsoft Exchange, which is believed to have reached about 250,000 objectives, including health researchers, US defense allies, and European banking regulators. 

To repair a zero-day vulnerability- ProxyLogon, was used in attacks, Microsoft has released immediate security patches for Microsoft Exchange, last week. Initially, this attack was accredited to a China hacking organization named HAFNIUM, sponsored by a government, that used vulnerabilities to infiltrate servers, install backdoor web shells and enter internal corporate networks.

Parliament President, Tone Wilhelmsen Troen informed in a press conference, the current attack was much more serious than last year. “This is an attack on our democracy,” she said. “The severity is underscored by the fact that this is happening in the run-up to a parliamentary election and as parliament is handling a pandemic.” 

"The Storting does not yet know the full extent of the attack. A number of measures have been implemented in our systems, and the analysis work is ongoing. The Storting has received confirmation that data has been extracted," the Storting disclosed in a statement. 

The Norwegian government has estimated that at least 269 Servers, involving local authorities, a university, and the Parliament known as the Storting, have been exposed. The Parliament or Storting, which complained to the police, said that the source hasn't been determined and that there was no proof to date that the attack had been connected to the previous attack whereby Norway's intelligence service stated the same to have originated from Russia.

The Storting, for now, has stated that the threat perpetrators have stolen data but still, they are investigating as part of the cyber-attack. At present, the condition is uncertain and the total damage potentials are not known. 

In addition to Hafnium, other cybercrime groups identified as Tick, LuckyMouse, and Calypso have used zero-day vulnerability before patches were issued, as per the latest report by cybersecurity firm ESET which also told in a new study that many more hacking firms leaped into the Microsoft Exchange frenzy before patching them to hack systems.