Cyber Incident Victim: Stortinget

The Norwegian Parliament (Stortinget) disclosed a cyberattack on September 1, 2020, following the detection of anomalies in its internal email systems approximately one week earlier. Administrative Director Marianne Andreassen confirmed that attackers compromised email accounts belonging to a limited number of elected representatives and parliamentary employees. The breach resulted in unauthorized data exfiltration, with analyses indicating varying volumes of information were downloaded from the affected accounts. While the exact scope of compromised data remained under investigation, parliament officials directly notified impacted individuals about the intrusion. Immediate containment measures were implemented upon discovery, successfully halting further unauthorized activity. The parliament collaborated with Norway’s National Security Authority (NSA) to investigate and mitigate the incident, though no technical specifics regarding the attack vectors or intrusion methods were disclosed publicly.

Andreassen characterized the incident as a "comprehensive IT attack" but did not attribute it to any specific threat actor or nation-state. The parliament’s IT security teams continued evaluating additional safeguards to strengthen defenses against evolving threats, acknowledging the persistent challenges posed by sophisticated adversaries. No ransomware deployment, financial motives, or disruptive impacts on legislative operations were reported. The incident underscored systemic vulnerabilities in governmental email systems, prompting heightened scrutiny of parliamentary cybersecurity protocols. Despite the lack of clarity regarding attacker identity or objectives, the breach highlighted the targeting of democratic institutions for potential intelligence gathering or espionage purposes. Ongoing forensic analyses focused on determining the full extent of data exposure while maintaining parliamentary functions without significant interruption.