Criminals take control of IT Systems in Norway

network router IT Systems NSMNetwork router.Photo:

Criminals take control of Norwegian IT Systems

The Norwegian National Security Authority (NSM) is increasingly experiencing that the IT Systems of random Norwegian companies is taken over by foreign criminals to establish command hubs.


Foreign intelligence or criminals exploit inadequately unsecured servers to gain control over IT Systems, the National Security Authority (NSM) announces in its annual report on ICT-security. The purpose is to establish «command and control servers in Norway».

– These are subsequently incorporated in the global infrastructure of the threat actors. The compromised systems do not constitute targets in themselves but act as intermediaries for traffic between the real target and the threat actor. They will become bridgeheads in further operations against other targets, writes the NSM.

Still a plethora of email attacks

The report was presented at the opening of the National Security Month on Thursday. Acting Nuclear Security Director in the NSM, Bente Hoff, explains that it is still foreign intelligence and data crime in general that constitute the biggest digital threats to Norway.

– The foremost targets are political leadership, defence, finance and high tech businesses, she states.

The methods are largely the same as before.

– Email as the attack angle is still extremely important. The same goes for DDOS (Denial of Service) attacks, Hoff continues.

Compromising infrastructure

She highlights that there are some areas where the MSN see an increase. This applies to the abovementioned acquisitions of Norwegian servers, but also the activity that the NSM terms as «Recognition and Mapping.»

– In other words, scanning activity to find open ports and similar activities, Hoff says.

This usually occurs using open sources – to identify weak points in the defence.

– The company’s infrastructure can then be compromised to gain access to data and information or to obtain a foothold in the company’s infrastructure. An attacker will typically either exploit vulnerabilities in exposed services or introduce malware, such as email, the NSM concludes in the report.


© NTB scanpix / #Norway Today