Cyber Incident Victim: Nordea
Date: Jul 2014
Location: Norway
Summary
A distributed denial-of-service (DDoS) attack targeted multiple Norwegian financial institutions, including Nordea, alongside telecommunications and banking entities, causing partial website outages and customer login disruptions. The attackers exploited a WordPress security flaw to generate junk traffic, with Evry IT services confirming simultaneous impacts on numerous central finance sector players. While Anonymous Norway initially claimed responsibility via a message urging awareness of IT security vulnerabilities, they later denied involvement on social media, attributing the attacks to unskilled actors using basic tools. The incident highlighted how accessible such attacks are: they require minimal technical expertise, only the financial resources to rent botnets.
Description
On July 8, 2014, multiple distributed denial-of-service (DDoS) attacks disrupted the online services of major Norwegian financial institutions and businesses, including Nordea, DNB, Norges Bank, Sparebank 1, Storebrand, Gjensidige, Danske Bank, and telecommunications provider Telenor. The attacks began in the morning when DNB, Norway’s largest financial services group, reported partial website downtime due to junk traffic overwhelming its systems, causing customer login difficulties for over an hour. Throughout the day, attackers expanded their targets to include additional entities, with IT services provider Evry—responsible for approximately one-third of Norway’s IT infrastructure—confirming that more than eight financial sector organizations were simultaneously affected. Sverre Olesen, Evry’s security team lead, noted this marked the first time so many central finance sector players had been hit in a coordinated attack. The attackers exploited a known security vulnerability in WordPress to generate malicious traffic directed at Evry’s servers and its customers, though Evry acknowledged other unspecified methods were also utilized without disclosing further technical details.

The hacker group Anonymous Norway initially claimed responsibility for the attacks in an email to Norwegian publication Dagens Næringsliv, citing motivations to “wake up the community” to inadequate IT security protections amid rising cyber threats. The message, signed with Anonymous’s signature “We do not forgive. We do not forget. Expect us,” specifically referenced the attack on Norges Bank, which was unaware of its website’s downtime until notified. However, Anonymous Norway later denied involvement via Twitter, attributing the attacks to “script kiddies” lacking advanced tools. Roar Thon, technical director of Norway’s National Security Authority (NSM), corroborated that the DDoS attacks required minimal technical skill, stating they could be executed by anyone with “a credit card and the will to destroy,” referring to the commercial availability of botnet-for-hire services. While the precise motivation remained unconfirmed, the incident highlighted the vulnerability of critical financial infrastructure to low-complexity attacks, disrupting customer access and operational continuity across multiple institutions. No specific remediation actions or financial losses were detailed in available reports.
