Norway says Ivanti zero-day was used to hack govt IT systems (opens in new tab)

(bleepingcomputer.com)

15 pointsftrobro2y ago4 comments

4 comments

4 comments · 2 top-level

tamimio2y ago· 2 in thread

And still you will see folks using and/or defending the use of having mobile phones as an identification for messaging apps or as a 2FA.. yes, I’m looking at you Signal users.

ThomasBb2y ago

Replying in the wrong thread?

tamimio2y ago

Not really, the article stated that some of the PII leaked data are phone numbers

>paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device

And guess who’s still using phone numbers as an identification in their messaging app?

It might not be seen as a direct breach on such apps that promote itself as “privacy focused”, but these breached data eventually will be leaked, and knowing name/phone is more than what’s needed to carry out an advance attack, spear phishing, expoits or even sim swap attacks, either on the phone itself or targeting those specific privacy apps, let alone to unmask people who’s using them, basically the opposite of what private is meant to be.

Hanschri2y ago

To put the hack into perspective, there are 16 ministries in Norway, and 12 were affected by this hack. The article specifies that the only ministries not affected were: the Prime Minister's Office, the Ministry of Defense, the Ministry of Justice, and the Ministry of Foreign Affairs. A list of the rest of the ministries can be found on the government's website in English [0]. While the scale of the attack is unfortunate, I feel like the four ministries that seemingly dodged the bullet were the most important ones.

As an additional note, the websites for the Norwegian police and the Norwegian Police Security Service (Politiets sikkerhetstjeneste) were both down earlier today due to DDoS attacks. The websites for newspapers owned by the biggest media organization in Norway, Schibsted, were also hit by DDoS attacks today.

Without speculating or trying to attribute the DDoS attacks (not the actual hack), there have been multiple previous occurrences where assorted Russian groups have taken credit for similar kinds of DDoS attacks towards government and media websites. This has seemingly been due to Norway's support of Ukraine and condemnation of Russia in the current war.

Edit: Clarified the last paragraph

[0]: https://www.regjeringen.no/en/dep/id933/

j / k navigate · click thread line to collapse