fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Norway: Russian APT28 State Hackers Likely Behind Parliament Attack

Norway: Russian APT28 State Hackers Likely Behind Parliament Attack

Russian-backed hacking group APT28 has likely brute-forced multiple Norwegian Parliament (Stortinget) email accounts on August 24, 2020, according to the Norwegian Police Security Service (PST, short for Politiets Sikkerhetstjeneste).

Attackers gained access to a limited number of Stortinget email accounts of representatives and employees as disclosed by Stortinget director Marianne Andreassen.

statement published on the parliament’s site on September 1 said that they were able to steal data from each of the hacked email accounts however investigators didn’t disclose what data was exfiltrated from the compromised parliamentary email inboxes.

One month later, Norway’s Minister of Foreign Affairs Ine Eriksen Søreide shared additional info on the August Parliament attack saying that Russian hackers were responsible for the breach.

Russia officially denied Norway’s accusations saying that they aren’t based on evidence according to news agency TASS.

“As usual, accusations are posed with no effort made to present any proof or to propose to discuss the incident at an expert level,” Konstantin Kosachev, the head of the Russian Federation Council Committee on Foreign Affairs, said in a statement.

APT28 likely behind Parliament attack

However, the Norwegian Police Security Service now says that it discovered after a coordinated investigation with the Joint Cyber ​​Coordination Center that the Russian state-sponsored APT28 hacking group was likely behind the August 2020 Stortinget attack.

“The analysis shows that it is likely that the operation was carried out by the cyber actor referred to in open sources as APT28 and Fancy Bear,” Norwegian Police Attorney Anne Karoline Bakken Staff said.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

“This actor is linked to Russia’s military intelligence service GRU, more specifically their 85th Special Services Center (GTsSS).

“The investigation shows that the operation that the Storting was affected by is part of a larger campaign nationally and internationally, which has been going on at least since 2019.”

APT28 operators hacked a large number of Stortinget email accounts using brute-forcing to obtain valid credentials and used those to log into a limited number of accounts.

The hackers also tried to further infiltrate the Stortinget computer systems but, based on all evidence, they failed in their attempts.

They were able to gain access to the Stortinget and personal accounts by taking advantage of insecure passwords and the fact that the users did not enable two-factor authentication (2FA).

Sanctioned for a similar attack on the German Federal Parliament

APT 28 (also tracked as Sofacy, Fancy Bear, Sednit, STRONTIUM) is a group of Russian nation-state hackers, members of Unit 26165 and Unit 74455 of the Russian Main Intelligence Directorate (GRU), the country’s military intelligence service.

They are known for coordinating multiple cyber-espionage campaigns targeting governments around the world and their involvement in a 2015 hack of the German federal parliament and attacks on the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC) in 2016.

Members of this elite Russian military hacking unit were charged by the US for hacking the DNC and the DCCC, as well as for targeting and hacking individual members part of the Clinton Campaign.

The Council of the European Union also announced sanctions in October against multiple APT28 members for their involvement in the 2015 hack of the German Federal Parliament (Deutscher Bundestag).

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Just as in the attack against the Stortinget, the Deutscher Bundestag attack affected the parliament’s operation for several days in April and May, and to the compromise of several parliament members’ email accounts.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us