Norway’s government systems compromised in third-party breach

Norway has confirmed that a cyberattack has impacted the ICT platform leveraged by 12 of the country's ministries, reports BleepingComputer. Attackers have leveraged a zero-day flaw in third-party software to facilitate the compromise, which may have resulted in sensitive data access or exfiltration, according to the Norwegian Data Protection Authority. However, the Norwegian Security and Service Organization, or DSS, said that government operations have not been disrupted by the intrusion, emphasizing that the vulnerability has already been addressed and that security improvements have already been implemented. No details on the impacted software have been provided, but DSS Director General Erik Hope noted that further investigation is needed to determine the attackers behind the hack, as well as the extent of the intrusion. "DSS has set up a crisis team, and is investigating and handling the incident with assistance from the National Security Authority (NSM) and other security experts," said the DSS in its public notice.