APT-29 cyber operations against government agencies of Norway and the Netherlands (2016-2017)
Date | 2016-2017.[1] |
---|---|
Suspected actor | Advanced Persistent Threat 29 (‘APT29’), also known as ‘Cozy Bear’. In February 2017, Rob Bertholee, the then head of the Dutch General Intelligence and Security Service (AIVD), attributed the attack on the Dutch ministries to Russia.[1] Similarly, in January 2017, Arne Christian Haugstøyl, then section chief of the Norwegian Police Security Service (PST), attributed the attacks on Norwegian entities to Russia.[2] |
Target | In the Netherlands, the Dutch Ministry of General Affairs was targeted, alongside other unnamed ministries.[1] In Norway, email accounts of civil servants in the Ministry of Defence and Ministry of Foreign Affairs as well as the Norwegian Labor Party and the PST were targeted.[2] |
Target systems | N/A |
Method | Spear-phishing. Both the Dutch and Norwegian targets were sent malicious emails designed to extract sensitive information.[1][3] |
Purpose | Whilst the precise motives of APT-29 are unknown, the group have been accused of various attacks against other democratic governments, parties and institutions across the world including in Germany, the US and South Korea.[4] Accordingly, the 2016-2017 attacks fit into a similar pattern of attempting to covertly collect political and military intelligence via cyber operations.[1] |
Result | The Dutch did not report that the attacks had been successful.[1] Similarly, in Norway it was not reported that the attacks had succeeded in breaching the targeted systems.[2] |
Aftermath | Erna Solberg, the then Norwegian Prime Minister, described the attacks as a ‘serious attack on our democratic institutions’. A subsequent report conducted by the PST indicated that Russian cyber espionage was one of the biggest threats to Norway,[5] an assessment that was criticised by the Russian Embassy as ‘striving to achieve a return to the times of the Cold War.’[6] In the Netherlands, the AIVD did not specify any consequences or measures to be taken following the attack,[1] though the government opted to count votes for the contemporary March 2017 general election by hand, rather than digitally.[7] |
Analysed in | Scenario 02: Cyber espionage against government departments |
Collected by: Tom Davies
1. De Volkskrant, ‘Russian hackers tried to break into the Ministry of General Affairs’ (4 February 2017).
2. NRK, ‘Norway exposed to an extensive hacker attack’ (3 February 2017).
3. USA Today News, ‘Norway: Russian hackers hit spy agency, defense, Labour party’ (3 February 2017).
4. Securelist, ‘The CozyDuke APT’ (21 April 2015).
5. NRK, ‘PST on Russian mapping of Norway: - Can shake our ability to hold the country’ (1 February 2017).
6. NRK, ‘Russia against PST's threat assessment: - Anti-Russian!’ (2 February 2017).
7. The Guardian, ‘Dutch will count all election ballots by hand to thwart hacking’ (2 February 2017).