In a major cyberattack on the energy sector, 50 Norwegian companies have been hacked and another 250 have been warned that they are at risk and should check their computer systems.
Norway’s hacking prevention unit, the National Security Authority (Nasjonal Sikkerhetsmyndighet or NSM), issued the warning this week after spotting the largest ever coordinated hack in the country.
NSM said it was alerted to the hack by “international contacts” and that while it had identified suspects, it would not share that information at this time.
The names of the breached and targeted companies have not been released, although Statoil has confirmed that it has been warned by NSM and Peer Olav Østli, executive vice president of transmission system operator Statnett’s ICT division, told Norwegian news site NewsinEnglish that an email with a dubious attachment had been received by an employee.
Hans Christian Pretorius, NSM’s director of operations, told newspaper Dagens Naeringsliv that the hackers “have done research beforehand and gone after key functions and key personnel in the various companies.
“Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments,” he explained. “If the targeted employees open the attachments, a destructive program will be unleashed that checks the target's system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the really serious attack programs can infect the targeted company’s computer system.”
According to Pretorius, the hackers’ ultimate goal is the theft of intellectual property.
In 2011 Norway’s oil and gas sector was hit by hackers who sent emails with virus-laden attachments to specific people at 10 companies. The attacks garnered user names, passwords, industrial drawings and documents relating to contract negotiations, which NSM said were then taken out of the country.