Cyber Incident Victim: Norwegian Radiation Protection Authority

In early February 2017, Norway’s Police Security Service (PST) disclosed a cybertargeting nine email accounts across multiple government and institutional entities. The affected organizations included the Labour Party, the Ministry Ministry, the Defense Ministry, the Police Security Service itself, Norway’s Radiation Protection Authority, and an unidentified college. Attackers employed spear-phtechniques, attempting to deceive individuals into divulging sensitive credentials such as usernames and passwords. The PST attributed the campaign to the Russia-linked advanced persistent threat group known as "Cozy Bear," which U.S. intelligence agencies had previouslyfor the 2016 Democratic National Committee breach. Norwegian officials emphasized the attackers’ suspected ties to the Russian Security Service (FS). The PST revealed it had received advance warnings about the targetedfrom an unnamed foreign partner agency earlier in 2017, though no specific timeframe or detection methodology was disclosed.

Prime Minister Erna Solberg publicly condemned the attacks as a serious assault on Norway’s democratic institutions, though security officials confirmed no classified systems or materials were compromised. The incident occurred amid heightened geopolitical tensions between Norway and Russia, following Norway’s decision to host 300 U.S. Marines at a base in—marking the first permanent of foreign troops on Norwegian soil since World War II. PST spokesman Martin Berntsen acknowledged the foreign intelligence warningbut provided no details regarding containment measures, forensic findings, or technicalof the affected email systems. The Radiation Protection Authority’s inclusion among the targets highlighted the campaign’s broad targeting across civil and security sectors, though no data exfiltration or operational consequences were reported by the impacted entities.