At present, the Storting does not know the full extent of the attack. A number of measures have been implemented in our systems, and an analysis of the situation is in progress. It has been confirmed to the Storting that data has been extracted.
“The threat situation is changing rapidly and becoming increasingly complex. The attack on us shows that at worst cyberattacks can have serious consequences for our democratic processes,” said Tone Wilhelmsen Trøen, President of the Storting.
Vulnerabilities in Microsoft Exchange
The cyberattack is an international problem, and is a result of the exploitation of vulnerabilities in Microsoft’s programmes. In this particular case, the vulnerability that has been exploited is a so-called “zero-day vulnerability.” This is a vulnerability that the supplier has not been aware of, but one which it is possible for hackers to detect and exploit. The Storting was therefore not able to prevent the attack. At present, it is not possible to see a connection between this attack and the cyberattack on the Storting last autumn.
“We know that data has been extracted, but we do not have a full overview of the situation. We have implemented a series of comprehensive measures and are not ruling out further action. We are working closely with the relevant security authorities. The situation is currently unresolved, and we do not yet know the full potential of the damage,” said Marianne Andreassen, Secretary General of the Storting.
The Storting does not know who is responsible for the attack. The cyberattack has been reported to the police.