Cyber Incident Victim: Defense ministry
Date: Jan 2017
Location: Norway
Summary
Russian hackers linked to the Cozy Bear group, associated with Russia's FSB, targeted Norwegian government entities including the defense ministry, foreign ministry, Labour party, security services, and other agencies through spear-phishing attacks aimed at stealing sensitive credentials. While no classified material was compromised, the breach was characterized as a serious attack on democratic institutions, occurring amid heightened tensions between Norway and Russia following the deployment of U.S. Marines to the country.
Description
In February 2017, Norway’s Police Security Service (PST) disclosed that nine email accounts across multiple government and institutional entities had been compromised by hackers linked to Russian intelligence. The attackers targeted the Norwegian Labour Party, the Foreign Ministry, the Defense Ministry, the PST itself, the Radiation Protection Authority, and an unidentified college. Security officials attributed the campaign to "Cozy Bear," a group associated with Russia’s Federal Security Service (FSB), which U.S. authorities had previously implicated in the 2016 Democratic National Committee breach. The hackers employed spear-phishing techniques designed to extract sensitive credentials such as usernames, passwords, and financial data. PST Section Chief Arne Christian Haugstøyl confirmed the intrusions to Norwegian media but emphasized no classified systems or materials were breached. Prime Minister Erna Solberg characterized the incident as a severe assault on Norway’s democratic institutions, reflecting broader concerns about foreign interference.

The PST revealed it had received advance warnings earlier in 2017 from an unnamed foreign partner agency about planned attacks against Norwegian email servers. While the specific detection methods or technical mitigations were not detailed, PST spokesman Martin Berntsen confirmed the agency acted on these alerts. The incident occurred amid heightened tensions between Norway and Russia following the arrival of 300 U.S. Marines in Norway—the first permanent foreign troop deployment there since World War II. Norwegian authorities did not report data theft or operational disruptions from the breaches but underscored the psychological and political impact of targeting critical democratic and security entities. No additional countermeasures or forensic findings were disclosed beyond the initial attribution and confirmation of compromised accounts.
