More than 50 Norwegian oil and energy companies have been hacked by unknown attackers, according to government security authorities. A further 250 firms have been advised by the Norwegian government that they ought to check their networks and systems for evidence of a breach, The Local reports. State-owned Statoil, Norway’s largest petro company, appears to be the main target of what’s described as the country’s biggest ever hack attack. Statoil is a major contributor to the Norwegian government’s coffers, and as such – unlike most major oil and gas companies, perhaps – its revenues mainly go to fuel the Scandinavian social miracle rather than funnelling wealth to the usual suspects.
In what’s being billed as the largest ever coordinated cyberattack in Norway, hackers have targeted some 300 different firms within the country’s oil and energy industries. The attacks were revealed last week by the Nasjonal Sikkerhetsmyndighet (National Security Authority Norway), which had been tipped off to the attacks by “international contacts.” The NSM cited 50 companies that were known to have been attacked and another 250 that may have been targets and who received warning letters from the agency,according to the Local, an English-language Norwegian news source. The extent of the hacking remains unknown, though Statoil, the nation’s largest oil and gas firm and one of Europe’s biggest energy suppliers, was among the targets. NSM operations director Hans Christian Pretorius relayed more details to the Norwegian newspaper Dagens Naeringsliv (via Naked Security): “They (the hackers) have done research beforehand and gone after key functions and key personnel in the various companies. Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments. If the targeted employees open the attachments, a destructive program will be unleashed that checks the target’s system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the “really serious attack programs” can infect the targeted company’s computer system.”