Norwegian government IT systems hacked using zero-day flaw

The Norwegian Data Protection Authority has also been notified about the cyberattack, indicating that the hackers might have accessed and/or exfiltrated sensitive data from the ICT system, leading to a data breach.

Despite the compromised platform's critical role in the government's daily operations, the recent cyberattack will not necessitate a halt in work activities.

"DSS has initiated a number of security measures to protect the information on the affected ICT platform."

"DSS has set up a crisis team, and is investigating and handling the incident with assistance from the National Security Authority (NSM) and other security experts."

DSS's director general, Erik Hope, stated that the hackers breached the ICT platform through a zero-day vulnerability in an application used by the government.

The flaw has now been fixed, and the agency has implemented additional security measures like restricting remote access via mobile devices for ministry employees to DSS's ICT platform.

Unfortunately, DSS has not provided any details about the vulnerable software, so it is unclear if this concerns a novel attack wave that might also impact organizations in other countries.