Å nei! Norway's Stortinget struck by Microsoft Exchange malware
'Data has been extracted' as Swiss-cheese servers are exploited
Norway's Parliament has joined the growing list of organisations hit by vulnerabilities in Microsoft's Exchange Server.
A press release confirmed that Stortinget (the great assembly) had suffered at the hands of backdoor-installing miscreants and, worse, "we know that data has been extracted, but we do not yet have a full overview of the situation," according to director Marianne Andreassen.
"We have taken extensive action and cannot rule out that further action will be taken," she added, "the work is carried out in cooperation with the security authorities. The situation is unclear, and we do not know the full potential for damage."
The exploit at a democratic institution such as Stortinget is certainly ominous, perhaps more so than the woes in recent days of organisations such as the European Banking Authority. Stortinget president Tone Wilhelmsen Trøen said: "The attack we are facing shows that IT attacks can have serious consequences for democratic processes at worst."
Located in Oslo, Stortinget is the supreme legislature of Norway and consists of 169 seats. Trøen has been its president since 2018.
The assembly is no stranger to IT attacks. Its email systems were hacked in August 2020, an act the Minister of Foreign Affairs, Ine Eriksen Søreide, blamed at the time on Russia. The accusation was deemed "groundless" by Konstantin Kosachev, head of the Russian Federation Council's Committee on Foreign Affairs, according to the Russian News Agency, TASS.
The torture garden of Microsoft Exchange: Grant us the serenity to accept what they cannot EOLREAD MORE
Stortinget is not connecting that breach with the recent exploiting of vulnerabilities in Microsoft's Exchange Server, made public last week.
Security researcher Brian Krebs recently posted that "at least" 30,000 US organisations could have been hacked thanks to the flaws, which allowed hackers to leave backdoors in exposed Exchange Servers. Microsoft released emergency updates on 2 March and said a group of Beijing-backed hackers were to blame for the exploits.
Krebs reckoned that the group "has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems."
Part of the problem is that the attention drawn to the flaws has led to a flood of attacks by miscreants keen to compromise systems before victims can apply the necessary patches. John Hultquist, VP of Mandiant Threat Intelligence, said yesterday "As these exploits propagate to the criminal element this issue will become a crisis for organizations with the least resources.
Which is indeed part of the problem. Administering an Exchange Server is not a trivial matter, and both patching and scanning for compromise is not for the faint-hearted (and also why the European Banking Authority pulled its servers from the Internet at the first sign of trouble.)
Stortinget is sadly unlikely to be the last organisation to go public on a compromise of Microsoft Exchange. ®