The Russian hacking group "APT28" is said to be behind the hack of accounts e-mail of the Norwegian Parliament (Stortinget) which took place on 24 August 2020, according to the Norwegian Police Security Service (PST). The hackers gained access to some accounts emails from Stortinget representatives and officials, as revealed by Parliament's Director Marianne Andreassen.
A statement posted on Parliament's website on 1 September stated that hackers had managed to steal data from each of the compromised email accounts, however the investigators did not reveal what kind of data was stolen.
One month later, Norwegian Foreign Minister Ine Eriksen Søreide revealed additional information about the Norwegian Parliament hack, noting that behind it is the Russia. However, Russia has officially denied Norway's allegations, saying they are not based on solid evidence.
The Norwegian security police also said that they had discovered after a coordinated investigation with the Joint Coordination Center in cyberspace that the Russian hacking group "APT28" (also known as Sofacy, Fancy Bear, Sednit and STRONTIUM) was probably behind attack of August. The hacking group reportedly appears to be linked to Russia's GRU military intelligence service, in particular the 85th Special Services Center (GTsSS).
In addition, an investigation by the Norwegian Security Police found that the operation that affected Parliament is part of a larger national and international campaign, which has been going on since at least 2019.
According to BleepingComputer, APT28 hackers breached a large number of email accounts from Stortinget with brute-force attacks, to obtain valid credentials, which they then used to log in to the accounts.
In addition, they tried to penetrate further into systems Stortinget computers, but, as it turns out, failed in their efforts. However, they managed to gain access to Stortinget and personal accounts, taking advantage of insecure passwords, as well as the fact that users did not apply two-factor authentication (2FA).
APT 28 is known for coordinating several cyber espionage campaigns targeting governments around the world, for its involvement in a German Federal Parliament hack in 2015, and for attacks on the Democratic National Committee (DNC) and the Democratic Congressional Committee. (DCCC) in 2016. In addition, members of this elite Russian military piracy unit were accused by the US of infringement DNC and DCCC, as well as targeting and hacking individual members of the Clinton campaign.
The Council of the European Union also announced sanctions in October against several members of APT28 for their involvement in the German Federal Parliament (Deutscher Bundestag) hack in 2015. Just as in the attack on Stortinget, the attack on German Parliament affected its operation for several days in April and May, resulting in the violation of email accounts of many of its members.