Oil, gas and defence firms in Norway are the victim of a series of sophisticated attacks made by hackers. Norway’s National Security Agency (NSM) has stated that industrial secrets and information about contract negotiations have been stolen.
NSM are currently unsure how many firms have actually been targeted but know that at least ten firms have been affected so far.
These cyber-attacks on Norwegian firms have added the country to an ever growing list of nations that have lost secrets and intellectual information to hackers.
The attackers managed to gain access to corporate networks by sending emails with viruses attached. These had been customised and designed to avoid detection from anti-malware detection systems. The NSM have revealed that the attackers sent the harmful emails to specific named individuals within firms and had designed the email to look like it had come from a legitimate source.
The companies that were targeted and received the harmful emails are those who they believed were in the process of negotiating large contracts. The data that has been compromised is thought to include usernames, passwords, industrial drawings, contracts and documents. The confidential data that has been stolen has been taken out of the country to an unknown destination.
The NSM believe that the attacks were conducted by one group of people after analysing the methods they used such as the code inside the viruses and how the data was extracted. The NSM has also stated that they are going to publish information about the attacks in an attempt to encourage other targeted firms to come forward and to serve as a warning to other unaffected firms.
In a statement that was released by the NSM, they proclaimed “This is the first time Norway has revealed extensive and wide computer espionage attacks.”
The attacks were discovered when some users discovered that the emails were not from a legitimate source and informed their internal IT security staff. The IT security staff then notified the NSM.
Their major concern for the NSM is that many other companies may well have been hit by these emails and remain unaware that hackers had gained access to their system and stole valuable documents.
