SIM Report: Western & Northern Europe, Issue 9

NORWAY: GOVERNMENT BLAMES PARLIAMENT CYBER-ATTACK ON CHINA-BASED THREAT ACTORS 

On 18 July, the Norwegian government said that a 10 March cyber-attack against the parliament e-mail system was conducted from China, calling on Beijing to prevent such activities. An investigation from Norway’s intelligence services identified that it came from ‘actors operating out of China’.

The statement from Norway formed part of an international response organised among a coalition of US allies, which accused China’s ministry of state security of carrying out a global cyber hacking campaign. Attackers had exploited a security vulnerability in Microsoft Corp’s Exchange software. Publicly attributing the attack to actors based in China illustrates growing efforts to reduce the risk of such incidents by identifying their source and disclosing alleged perpetrators.

In September 2020, a series of cyber-attacks targeted members of Norway’s parliament and public sector employees of the south-eastern Hedmark region. Norway’s foreign minister Ine Eriksen Soreide said that ‘information available to the government’ indicated that ‘Russia stood behind this activity’. Moscow had rejected the claim as a ‘serious and wilful provocation’. Examined in a context of especially tense Russia-Norway relations, this explains why Norwegian officials were likely more inclined to view it as an attack by pro-Russian actors. Moreover, on 4 and 5 May 2021, Volue – a Norway-based energy technology firm – was targeted in a ransomware attack, which caused the shutdown of water and water treatment facilities in 200 municipalities. The Ryuk ransomware was found in the company’s computer systems and the incident occurred days before the Colonial Pipeline in the US disclosed it had been targeted in a ransomware attack. Both incidents highlighted the attractiveness of critical infrastructure firms to hacker groups since such actors require constant access to equipment to ensure operational functionality.                      

The statement accusing China-based actors of the Norway parliament attack must be examined in the global context of growing geopolitical tensions between the US and its allies on one side, and China on the other. Across Europe, there has been increasing alignment from EU countries with the US on China; for instance, more countries have adopted a tougher stance on Chinese technology firm Huawei and the role it should play in developing 5G technology. As tensions between China and the West are set to continue, the risk of cyberattacks targeting critical infrastructure will persist if not increase. Companies should regularly assess their exposure to such cyber-attacks, enhance cyber defences, and train staff to better identify suspicious links and attachments.



WANT TO READ MORE ANALYSIS IN THIS LATEST SIM EDITION...

EUROPEAN UNION: Assessing the fallout from the devastating July flooding in Western Europe

READ MORE