Norway's domestic spy agency said that a hacker group most commonly known as Fancy Bear or APT28 was likely behind an August cyber attack on the Norwegian parliament’s email system.
According to Norway’s national police agency, the operation that targeted the Storting assembly on August 24 was “part of a larger campaign nationally and internationally, which has been going on at least since 2019.”
“The analysis shows that it is likely that the operation was carried out by the cyber actor referred to in open sources as APT28 and Fancy Bear,” reads the statement signed by the Norwegian police attorney Anne Karoline Bakken Staff.
The investigation revealed that the attackers used brute force to obtain valid email credentials.
“This technique has been used against a high number of user accounts at the Storting's e-mail systems, and has resulted in the player being able to obtain a user password, which it could again use to log in to a smaller number of accounts. It has been revealed that sensitive content has been extracted from some of the affected e-mail accounts,” the agency said.
The threat actor then attempted to move further into the Storting's computer systems, but these attempts were unsuccessful.
The investigators said that the hackers were able to compromise email accounts partly because Storting's officials and employees used weak email passwords and failed to enable two-factor authentication to protect accounts.
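
The pattern described above (one source failing against many accounts, then logging in to a few of them) can be searched for in mail authentication logs. The following is an added example, not taken from the police statement or from any Storting system; the log format, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-auth events: time, source, account, result.
# Addresses are from documentation ranges; account names are invented.
SAMPLE_LOG = """\
2024-01-15T02:00:01 203.0.113.7 user01 FAIL
2024-01-15T02:00:40 203.0.113.7 user02 FAIL
2024-01-15T02:01:15 203.0.113.7 user03 FAIL
2024-01-15T02:01:50 203.0.113.7 user04 FAIL
2024-01-15T02:02:30 203.0.113.7 user05 FAIL
2024-01-15T02:03:05 203.0.113.7 user06 FAIL
2024-01-15T02:10:00 203.0.113.7 user04 OK
2024-01-15T02:12:00 203.0.113.7 user02 OK
2024-01-15T08:30:00 198.51.100.20 alice FAIL
2024-01-15T08:30:20 198.51.100.20 alice FAIL
2024-01-15T08:30:45 198.51.100.20 alice OK
"""

def parse(log):
    for line in log.strip().splitlines():
        ts, src, account, result = line.split()
        yield datetime.fromisoformat(ts), src, account, result

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5):
    """Flag sources that fail against >= min_accounts distinct accounts inside
    `window`, and list accounts the same source authenticated to afterwards."""
    fails, oks = defaultdict(list), defaultdict(list)
    for ts, src, account, result in parse(log):
        (fails if result == "FAIL" else oks)[src].append((ts, account))
    findings = []
    for src, events in fails.items():
        events.sort()
        start, best, first_seen = 0, 0, None
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            distinct = len({acct for _, acct in events[start:end + 1]})
            if distinct > best:
                best, first_seen = distinct, events[start][0]
        if best >= min_accounts:
            # Successful logins after the failures began need password resets
            hit = sorted({a for ts, a in oks[src] if ts >= first_seen})
            findings.append({"source": src, "accounts_targeted": best,
                             "logins_after_spray": hit})
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The single user who mistypes a password twice before succeeding is not flagged, because only one distinct account is involved.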
Norway’s national police agency also said the investigation was terminated as it did not provide sufficient evidence for an indictment to be issued.
In October, Foreign Minister Ine Eriksen Soereide said that “it is our assessment that Russia is behind this activity” and called the attack “a serious incident that affects our most important democratic institution.” Russia’s embassy in Oslo denied the accusations, calling them unsubstantiated, “unacceptable” and “destructive for bilateral relations.”