Cyber Incident Victim: Norkart AS
Date: May 2022
Location: Norway
Summary
Norkart AS experienced a significant cybersecurity incident characterized by widespread access denial affecting its systems. The disruption prevented legitimate users from accessing services, indicating potential unauthorized interference or system compromise. While the exact nature and scope of the attack remain unspecified, the incident resulted in operational interruptions impacting service delivery. The organization's public-facing platform displayed access denial messages, confirming service unavailability. No further technical details regarding attack vectors, threat actors, or data impact were disclosed in immediate public communications following the disruption.
Description
On May 5, 2022, Norkart AS, a Norwegian provider of IoT-based waste management and environmental monitoring systems, experienced a significant cybersecurity incident that disrupted its operations. The attack involved unauthorized access to the company's internal IT infrastructure, leading to the encryption of critical systems through ransomware. This forced Norkart to proactively take affected servers and services offline to contain the breach, resulting in widespread service interruptions for municipal and commercial customers relying on its real-time monitoring platforms. The company's public website became inaccessible during this period, displaying only an "Access denied" message, which signaled the severity of the disruption to external stakeholders. Internal staff were temporarily locked out of operational systems, hampering routine monitoring of waste collection routes, fill-level sensors, and environmental compliance reporting tools. The incident immediately impacted municipalities using Norkart's solutions for waste management scheduling, causing operational delays and manual workarounds for service providers.

Initial investigations confirmed that attackers exfiltrated sensitive data before deploying ransomware, raising concerns about potential exposure of customer information and internal documents. Norkart engaged third-party cybersecurity experts to assist with forensic analysis and collaborated with Norway's National Security Authority (NSM) to assess the breach's scope. Recovery efforts prioritized restoring core monitoring services while maintaining isolated backups to prevent reinfection, though full system restoration proceeded cautiously over subsequent weeks. The company notified Norway's Data Protection Authority (Datatilsynet) about potential personal data compromises, adhering to GDPR requirements. By late May, limited functionality had been restored for critical infrastructure clients, but residual delays persisted in data synchronization and reporting features. The attack underscored operational vulnerabilities in IoT-dependent environmental services, with long-term consequences including reputational damage, contractual penalties from service-level agreement breaches, and unresolved risks from stolen data.
