Around 10,ooo public sector employees in Norway’s eastern region of Hedmark woke up Wednesday with their work email unavailable or even compromised. County officials said the attack on email systems used by seven separate municipalities came from “foreign swindlers.”
The alleged swindlers, detected Tuesday night, “are trying to gain access to our users’ email accounts,” wrote Hedmark IKT in a press release late Tuesday night. Hedmark IKT runs information technology systems for municipalities in Hamar, Stange, Kongsvinger, Sør-Odal, Løten, Nord-Odal and Grue.
The attack on Hedmark IKT’s email servers then proceeded to send out dangerous attachments to other employees’ email accounts, disguised as if they were coming from a municipal colleague. It’s thus difficult, the press release states, for recipients to notice that the email is false.
Email cut off
Hedmark IKT wrote that when the attack was discovered, it had to cut off all incoming email “for all our users.” Its staff then scrambled to assess the extent of the attack and methods used, “so we could stop further attacks” and control any damage so far.
Employees were sent text messages as an alternative to email, warning them against opening any attachments on email tied to their work.
The attack on the public sector workers in Hedmark came just hours after Norway’s Parliament had announced an attack on its own systems last week. It remained unclear whether they were related, but both attacks were described as “extremely serious” and “refined.”
“The attack came from several places abroad,” Edvard Lysne of Hedmark IKT told Norwegian Broadcasting (NRK) during what became a long night of emergency efforts to limit its effects. “This was more refined than anything we’ve experienced before.” He described those behind it as “evil players who want to compromise systems.” Several employees had already opened the attachments that can compromise email security, but Hedmark IKT wasn’t yet sure how many had done so.
Could hurt anti-Corona efforts
Knut Storberget, a former justice minister for the Labour Party who now serves as governor of the large merged Innland county that includes Hedmark, stressed how the attack could damage efforts to combat the Corona virus. “It hits just as we’re doing what we can to limit the spread of Covid-19,” Storberget told NRK. “An attack on IKT systems can hurt necessary communication to handle the Covid-19 crisis, so this is serious.”
One of the largest cities in Hedmark, Hamar, is in the middle of a new Covid-19 outbreak but its top administrative leader, Christl Kvam, said there hadn’t been any direct consequences of the attack so far. Employees were carefully using email again on Wednesday along with text messages. All were being urged to check the actual sender of mail received, by clicking on the sender’s name. In the case of several emails caught during the night, reported NRK, the sender wasn’t the person listed as sender but rater “email@example.com.”