The Storting, Norway’s parliament, has suffered another cyber-attack in which threat actors stole data and gained access to its network systems. The attackers used the recently disclosed Microsoft Exchange vulnerabilities.
Microsoft recently issued an emergency out-of-band patch addressing multiple exploitable zero-day vulnerabilities discovered in Microsoft Exchange Server. One of the zero-day flaws, known as ProxyLogon, was used in this latest cyberattack.
Further analysis has attributed the attack to HAFNIUM, a Chinese government-sponsored hacking group. The vulnerabilities were used to install backdoor web shells to compromise servers and gain access to the organisation’s internal network.
The Storting does not yet know the full extent of the attack but has confirmed that data has been extracted and several businesses are affected.
Some measures are being implemented on their systems, and the forensic analysis work is still ongoing. The Storting Director, Marianne Andreassen, stated that the Storting is currently collaborating with the security authorities to get a complete overview of the situation and to estimate the total potential damage of the attack. However, they believe that this attack is not related to the cyberattack they experienced in August 2020, which was attributed to a Russian state-sponsored hacking group, APT28. Even though Microsoft attributed the exploitation of this flaw to the HAFNIUM hacking group, later cases confirmed that other hacking groups are also using it.
A cybersecurity firm’s new report states that other cybercriminal groups have been exploiting the zero-day vulnerabilities in addition to HAFNIUM. The firm identified that the Tick, Calypso, and LuckyMouse hacking groups had also been using the flaw even before the emergency out-of-band patch was released. Additionally, the firm assumes that more hacking groups will join the Microsoft Exchange zero-day frenzy as they rush to exploit and hack the systems of organisations globally before those organisations apply the patch.