Norway’s top financial institutions have been hit in what appears to be a coordinated cyber-attack, the biggest-ever the country has experienced. Anonymous Norway may be responsible for the operation.
The Tuesday attack targeted at least eight top Norway companies, including central Norges Bank, Sparebank 1, Danske Bank and insurance companies Storebrand and Gjensidige. Three Norwegian airlines and a big telecommunication company may also have been affected by the same attack.
The malicious bombardment with requests caused traffic problems for their website and disrupted access throughout the day. This affected the banks’ online payment services as well.
“The scale is not the largest we have seen, but it is the first time it has hit so many central players in the finance sector in Norway,” said the head of Evry’s security team, Sverre Olesen in an interview with Dagens Næringsliv business newspaper. Evry provides services to many of the affected companies and was busy dealing with the emergency.
The company said the attackers used a vulnerability in the blogging platform WordPress and other venues to hit the websites. They didn’t appear to try to hack into the targets’ networks and try to steal any personal information, it added. The source of the attack was abroad, Evry said.
Norway’s National Security Authority (Nasjonal sikkerhetsmyndighet, NSM) said it was investigating the attack, but could not identify the perpetrators yet.
The newspaper said it received an email signed by Anonymous Norway claiming responsibility for the DDoS attack on the banks. The email came before the news about it broke.
But a tweet on the Anonymous Norway Twitter account denied the hacktivist group’s involvement, saying they were “laughing at those who think we are behind the attacks.”