Norway parliament (Storting) is the latest addition to the growing list of organizations affected by cyberattacks exploiting vulnerabilities in Microsoft Exchange email program.
“The Storting has again been hit by an IT attack. The attack is linked to vulnerabilities in Microsoft Exchange, which affected several businesses,” the Storting director Marianne Andreassen said in a press release.
According to Andreassen, the full extent of the damage caused by the attack is not clear yet, however, she confirmed that the attackers were able to steal some data.
“We know that data has been extracted, but we do not yet have a full overview of the situation,” she said. ”We have implemented comprehensive measures and cannot rule out that it will be implemented further. The work takes place in collaboration with the security authorities. The situation is currently unclear, and we do not know the full potential for damage.”
While it is currently unknown who may be behind this recent attack, the Storing said the incident is not related to an August 2020 cyber attack on Norwegian parliament’s email system, which was attributed to a hacker group most commonly known as Fancy Bear or APT28.
Earlier this week, a security researcher shared a fully working proof-of concept code (PoC) for a set of vulnerabilities affecting Microsoft Exchange Server collectively called “ProxyLogon” that have been actively exploited by threat actors since the beginning of this year.
Last week, Microsoft released the emergency security updates for its Exchange Server enterprise email product to patch four zero-day vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) that have been actively exploited in real-world attacks. At the time, the tech giant attributed the attacks to a China-linked threat actor called Hafnium, which is focused on a number of industry sectors in the US, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, seeking to steal information