Norway's parliament, the Storting, suffered a new cyberattack in which the attackers stole data by exploiting the recently disclosed vulnerabilities in Microsoft Exchange, collectively tracked as ProxyLogon.
Last week, Microsoft released emergency out-of-band security updates that addressed four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) affecting all supported Microsoft Exchange versions. The flaws are being actively exploited in the wild.
The company reported that at least one China-linked APT group, named HAFNIUM, exploited these vulnerabilities to compromise on-premises Exchange servers, access email accounts, and install backdoors to maintain access to victim environments.
According to a statement by the Storting, it has been hit by an IT attack linked to the vulnerabilities in Microsoft Exchange, which have affected several businesses.
Storting director Marianne Andreassen confirmed the data breach, but the full extent of the attack is not yet known. Andreassen said that numerous measures have been implemented in the Storting's systems, and that the analysis work in collaboration with the security authorities is ongoing.
This is not the first time the Storting has been hit by a cyberattack. In August last year, Norway's parliament was the target of a major attack that allowed hackers to access emails and data of a small number of parliamentary representatives and employees. Norway's government blamed Russia for the cyberattack.
The current breach cannot yet be attributed to a specific threat actor. Security experts observed that HAFNIUM was not the only APT group exploiting the Microsoft Exchange vulnerabilities in its attacks.
Other threat actors, such as the cybercrime groups Tick, LuckyMouse, and Calypso, were also found to have been exploiting the ProxyLogon flaws before Microsoft addressed them.