APT28, one of Russia's military hacking units, was most likely responsible for hacking the email accounts of the Norwegian Parliament, the Norwegian police secret service (PST) said today.
The Norwegian Parliament (Stortinget) hack was disclosed earlier this year on September 1. At the time, Stortinget director Marianne said that hackers gained access to the Parliament's email system and accessed inboxes for Stortinget employees and government elected officials[1].
No details about the hack were made public in September, but in a follow-up in October, Foreign Minister Ine Eriksen Søreide said[2] that initial clues suggested that the attack was most likely carried out by Russian hackers, an accusation that Moscow immediately denied.
The next day, Russian Foreign Ministry spokeswoman Maria Zakharova dismissed the allegations[3] as "a planned provocation" from Norwegian officials looking to "destroy bilateral relations" with "no evidence."
Konstantin Kosachev, Head of the Russian Federation Council's Committee on Foreign Affairs, also commented on the matter, calling Oslo's accusations of Russian involvement in the Stortinget hack as "groundless[4]."
Norwegian secret service publishes its findings
But in a PST press release[5] today, Norway's cyber-security agency held the line with the government's initial October accusations.
"The analysis shows that it is likely that the operation was carried out by a cyber actor referred to in open sources as APT28 and Fancy Bear," PST officials said.
"This actor is linked to Russia's military intelligence service GRU, more specifically their 85th Special Services Center (GTsSS)," they added.
PST officials said APT28 hackers breached Stortinget email accounts and tried to pivot to the Parliament's internal networks but failed.
Investigators said Stortinget was to blame for the intrusion as officials and employees used weak email passwords and failed to use two-factor authentication to protect accounts.
Other details about the intrusions