Cyber Incident Victim: Telenor Group
Date:
Jul 2014
Location:
Norway
Summary
A telecommunications company and multiple major Norwegian financial institutions experienced distributed denial-of-service (DDoS) attacks, causing service disruptions including website downtime and customer access issues. The attackers, initially claiming affiliation with Anonymous Norway, exploited a WordPress vulnerability among other methods to generate malicious traffic, though the group later denied involvement and attributed the attacks to less sophisticated actors. Security experts highlighted that such attacks require minimal technical skill, relying instead on accessible resources like rented botnets, with motivations remaining unclear but potentially ranging from political to financial objectives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 8, 2014, multiple distributed denial-of-service (DDoS) attacks targeted major Norwegian financial institutions and telecommunications provider Telenor. The attacks commenced in the morning when DNB, Norway's largest financial services group, reported partial website downtime caused by junk traffic flooding its systems, disrupting customer access for over an hour. Throughout the day, attackers expanded their focus to include Norges Bank (Norway's central bank), Sparebank 1, Storebrand, Gjensidige, Nordea, Danske Bank, and Telenor. Sverre Olesen of IT services provider Evry noted this marked the first simultaneous attack against eight central finance sector entities in Norway, though he characterized the attack scale as not unprecedented. The coordinated strikes caused intermittent service disruptions across victim organizations, with Norges Bank reportedly unaware of its website outage until after receiving a claim of responsibility.

Attackers exploited a known security vulnerability in WordPress to generate malicious traffic directed at Evry's infrastructure and its customers. Evry confirmed additional attack methods were employed but withheld technical specifics. Norwegian publication Dagens Næringsliv received an email from "Anonymous Norway" claiming responsibility, stating the attacks aimed to "wake up the community" about inadequate cybersecurity defenses against rising threats. The message included Anonymous' signature rhetoric: "We are Legion. We do not forgive. We do not forget." However, Anonymous Norway's Twitter account later disavowed the attacks, attributing them to "script kiddies" lacking advanced tools. National Security Authority technical director Roar Thon corroborated the low technical barrier, stating DDoS attacks only require "a credit card and the will to destroy," referencing the commercial availability of botnet-for-hire services. While the attackers' precise motivations remained unconfirmed, analysts cited financial or political possibilities given the broad targeting of economically critical entities.
