Zero-Day Cyberattack on Norwegian Ministries

A recent cyberattack on a software platform used by 12 ministries in Norway has brought to light the critical importance of promptly applying security updates to protect against evolving cyber threats. The Norwegian National Security Authority (NSM) confirmed that attackers exploited a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution, leading to potential data breaches. While certain high-profile ministries remained unaffected, the incident has sparked concerns about the vulnerability’s discovery and the need for swift action in safeguarding critical systems. In this article, we delve into the details of the attack, the response of Norwegian authorities, and the pressing need for cybersecurity vigilance.

Fortunately, the cyberattack did not impact Norway’s Prime Minister’s Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs, offering some relief amidst the incident. However, the Norwegian Data Protection Authority (DPA) was notified about the breach, indicating the possibility of unauthorized access and exfiltration of sensitive data from compromised systems. The breach underscores the urgent need for organizations to implement robust security measures and regularly update their systems to protect against emerging threats.

The NSM acknowledged the uniqueness of the vulnerability discovered in Ivanti’s EPMM solution. They emphasized the delicate balance between releasing information about vulnerabilities promptly and potentially contributing to misuse of the flaw elsewhere in Norway and worldwide. In their caution, they delayed disclosure until the necessary updates were made available to users, preventing further exploitation of the vulnerability.

Promptly responding to the cyberattack, the Norwegian National Cyber Security Center (NCSC) took action by notifying all known MobileIron Core customers in Norway about the existence of a security update to address the actively exploited zero-day bug (CVE-2023-35078). The NCSC urged system owners to install these critical security updates immediately to thwart incoming attacks and mitigate potential damage.

Leave a Reply