Shutdown of e-mail solution following cyberattack

This content is more than 1 year old.

A new e-mail solution is being deployed for employees at 12 ministries today and the old e-mail solution is being shut down. This is an important and necessary security measure following a cyberattack on the ICT system for the 12 ministries.

“The central government is taking the situation very seriously. Following recommendations from the country’s leading security professionals, we are now taking the necessary steps to secure vital services for operations and accessibility in the ministries,” says Sigbjørn Gjelsvik, Minister of Local Government and Rural Affairs.

“The ministries have excellent procedures and systems in place to ensure that the work of the central government can continue as normal. This is also the case in this situation. The changes that are now being implemented affect only e-mail and calendar services,” Gjelsvik says.

If an unknown threat actor has gained access to e-mail services, the clear advice from the Norwegian National Security Authority (NSM) is that the old e-mail solution must be shut down.

“Zero-day vulnerabilities were exploited in this case, which is evidence of an advanced and resourceful threat actor that it is difficult to protect against. The best defence is to follow the established standards for cybersecurity, such as NSM’s fundamental principles. This will increase the likelihood of detecting incidents and contribute to damage limitation,” says Geir Arild Engh-Hellesvik, Department Director at the Norwegian National Security Authority.

The cyberattack is still under investigation by the police, while the Norwegian Government Security and Service Organisation (DSS) is also carrying out related inquiries. Due to the ongoing investigations, it is too early to provide detailed information regarding the nature and scope of the cyberattack.

On 24 July, the Ministry of Local Government and Rural Affairs, DSS and NSM announced that there had been a cyberattack against a shared ICT platform used by 12 ministries.

“We announced that e-mail synchronisation had been disabled for mobile devices. We also announced that new security measures could be implemented,” Gjelsvik says.

The investigations carried out by DSS and its security services suppliers identified previously unknown security vulnerabilities, known as zero-day vulnerabilities, in the Ivanti Endpoint Manager mobile software. These security vulnerabilities provided the gateway for the attack and have now been closed.

The ministries and DSS are now working to secure the data contained on the ICT platform, while also ensuring that employees are given a new e-mail solution. Anyone who contacts the ministries after the old e-mail accounts have been disabled can rest assured that their message will reach the new e-mail accounts.