Cyber Incident Victim: Gjensidige Forsikring ASA
Date:
Jul 2014
Location:
Norway
Summary
A distributed denial-of-service (DDoS) attack targeted Gjensidige and multiple other major Norwegian financial institutions and telecommunications providers, causing partial website outages and customer login disruptions. The attackers exploited a WordPress security flaw alongside other unspecified methods to generate disruptive traffic, with the incident impacting over eight financial sector entities simultaneously. A group claiming affiliation with Anonymous Norway initially took responsibility, citing motivations to raise public awareness about inadequate IT security defenses, but later denied involvement via social media, attributing the attacks to unskilled individuals using basic tools. Technical experts confirmed the attacks required minimal technical expertise, emphasizing the accessibility of such disruptive capabilities through commercial botnet rentals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 8, 2014, multiple distributed denial-of-service (DDoS) attacks targeted major Norwegian financial institutions and businesses, including insurance company Gjensidige, telecommunications provider Telenor, and banks such as DNB, Norges Bank, Sparebank 1, Storebrand, Nordea, and Danske Bank. The attacks commenced in the morning when DNB, Norway's largest financial services group, reported partial website outages caused by junk traffic flooding their systems, disrupting customer access for over an hour. Throughout the day, attackers expanded their focus to other entities, intermittently disrupting online services. IT provider Evry, which delivered services to approximately one-third of Norwegian businesses, confirmed the attacks affected more than eight financial sector organizations simultaneously—an unprecedented scale according to Evry’s security head Sverre Olesen. Attackers exploited a known security vulnerability in WordPress to generate malicious traffic directed at Evry’s infrastructure and its clients, though Evry noted additional unspecified methods were also employed.
Norwegian publication Dagens Næringsliv received an email from individuals claiming affiliation with Anonymous Norway, taking responsibility for the attacks on Norges Bank and other targets while criticizing inadequate cybersecurity preparedness. The message included Anonymous’ signature rhetoric: “We are Anonymous. We do not forgive. We do not forget.” However, Anonymous Norway’s Twitter account later disavowed the attacks, attributing them to “script kiddies” lacking advanced tools. National Security Authority (NSM) technical director Roar Thon corroborated that DDoS attacks required minimal technical skill, stating perpetrators needed only “a credit card and the will to destroy” to rent botnets. The attacks caused temporary service disruptions across multiple sectors, with Norges Bank reportedly unaware of its website’s downtime until notified by the attackers’ email. No definitive motive was established, though the attackers’ communiqué cited a goal to “get the community to wake up” about increasing IT security threats.