Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts | Sean Lyngaas/CyberScoop
Norwegian authorities on Tuesday got more specific in their accusation of Russian involvement in an August cyberattack on Norwegian parliament, implicating the same notorious group of suspected Russian military intelligence hackers accused of interfering in the 2016 U.S. election. Fancy Bear or APT28 — a group of hackers linked with Russia’s GRU military agency — was likely behind the breach, which resulted in the theft of “sensitive content” from some Norwegian lawmakers’ email accounts, Norway’s national police agency said in a statement. The attackers used a common technique called “brute forcing,” which bombards accounts with passwords until one works, to access the Norwegian parliament’s email system, according to the statement signed by Norwegian police attorney Anne Karoline Bakken Staff. The Fancy Bear operatives then tried to move further into parliament’s IT systems, according to the statement, but were unsuccessful. The intrusions were part of a broader suspected Fancy Bear campaign within and without Norway since at least 2019, Norwegian officials concluded. Norwegian public broadcaster NRK reported that more than 10 organizations in Norway were targeted in the campaign, but did not name them. Relations between Russia and Norway have grown more tense in recent months after Norwegian authorities expelled a Russian diplomat because of his alleged connection to an espionage case, and Russia retaliated by expelling a Norwegian diplomat.