Chinese hackers blamed for breach of Norwegian parliament email accounts
The Norwegian government on Monday formally attributed a breach of email accounts associated with the Norwegian parliament, or the Storting, earlier this year to Chinese hackers involved in the exploitation of vulnerabilities in Microsoft’s Exchange Server.
The Storting disclosed in March that email systems had been breached as part of the Microsoft Exchange Server incident, which involved hackers exploiting vulnerabilities to compromise thousands of organizations around the world.
“This was a very serious incident affecting our most important democratic institution,” Norwegian Minister of Foreign Affairs Ine Eriksen Søreide said in a statement. “Following a detailed intelligence assessment, it is our view that the vulnerabilities have been exploited by actors operating out of China.”
The attribution came the same day the United States, the United Kingdom, the European Union and other nations jointly attributed the exploitation of the Microsoft vulnerabilities to Chinese-linked hackers.
Eriksen Søreide confirmed that the Storting was a victim of this exploitation and that the Chinese Embassy had been contacted in order to “raise the issue directly.”
The minister pointed to the attribution to China by allied nations as part of pushing back against the attack.
“We expect China to take this issue seriously, and to ensure that such incidents are not repeated,” Eriksen Søreide stressed. “Allowing such malicious cyber activities to take place is in contradiction of the norms of responsible state behaviour endorsed by all UN Member States.”
The compromise as part of the Microsoft Exchange Server vulnerabilities was not the first hacking incident to hit the Norwegian government in the past year.
The Storting announced in September that it had been hit by an “IT attack,” with data from the accounts of a “small number” of members of parliament and staff successfully downloaded by the attackers.
The attacks come amid months of escalating cybersecurity concerns. The SolarWinds hack, discovered in December, enabled Russian government-backed hackers to compromise nine U.S. federal agencies for most of 2020, while attacks on critical infrastructure such as the Colonial Pipeline in the U.S. have underlined major vulnerabilities.