Cyber Incident Victim: Storebrand ASA
Date:
Jul 2014
Location:
Norway
Summary
A distributed denial-of-service (DDoS) attack targeted multiple Norwegian financial institutions, including Storebrand, disrupting online services and preventing customer access to banking platforms. The attackers, initially claiming affiliation with Anonymous Norway, exploited a WordPress security flaw and other methods to overwhelm victim servers, though the group later denied responsibility, attributing the incident to unsophisticated actors. A national security official confirmed such attacks require minimal technical skill, often involving rented botnets, while motivations remained unclear but potentially ranged from financial to political objectives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 8, 2014, multiple distributed denial-of-service (DDoS) attacks targeted major Norwegian financial institutions and businesses, including Storebrand, DNB, Norges Bank, Sparebank 1, Gjensidige, Nordea, Danske Bank, and telecommunications provider Telenor. The attacks began in the morning when DNB, Norway’s largest financial services group, reported partial website downtime caused by junk traffic overwhelming its systems, disrupting customer access for over an hour. Hackers claiming affiliation with Anonymous Norway executed coordinated strikes throughout the day, leveraging a known security vulnerability in WordPress to direct malicious traffic toward servers operated by IT provider Evry, which supported approximately one-third of Norway’s IT services. Evry confirmed the attackers employed additional undisclosed methods beyond the WordPress exploit. Norwegian media outlet Dagens Næringsliv received a message from Anonymous Norway taking responsibility for the attacks on Norges Bank and other entities, though Norges Bank was unaware of its website outage when notified. The message cited motivations to "wake up the community" regarding inadequate IT security protections against escalating cyber threats.
The attacks marked the first simultaneous targeting of over eight central financial sector players in Norway, according to Sverre Olesen, Evry’s security head. While service disruptions were resolved within hours for most entities, the incident highlighted systemic vulnerabilities, as National Security Authority (NSM) technical director Roar Thon emphasized that such DDoS attacks required minimal technical skill—only a credit card to rent botnets for flooding victim systems with junk data. Anonymous Norway later disavowed the attacks via Twitter, attributing them to "script kiddies" lacking advanced tools. Evry acknowledged the multi-vector assault but withheld specifics about the exploited vulnerabilities. No definitive motive was established, though sources suggested financial or political incentives. The incident underscored the accessibility of disruptive cyber tactics against critical infrastructure without sophisticated hacking capabilities.