In what's being billed as the largest ever coordinated cyberattack in Norway, hackers have targeted some 300 different firms within the country's oil and energy industries. The attacks were revealed last week by the Nasjonal Sikkerhetsmyndighet (National Security Authority Norway), which had been tipped off to the attacks by "international contacts."
The NSM cited 50 companies that were known to have been attacked and another 250 that may have been targets and that received warning letters from the agency, according to The Local, an English-language Norwegian news source. The extent of the hacking remains unknown, though Statoil, the nation's largest oil and gas firm and one of Europe's biggest energy suppliers, was among the targets.
NSM operations director Hans Christian Pretorius relayed more details to the Norwegian newspaper Dagens Naeringsliv (via Naked Security):
They (the hackers) have done research beforehand and gone after key functions and key personnel in the various companies. Emails that appear to be legitimate are sent to persons in important roles at the companies with attachments. If the targeted employees open the attachments, a destructive program will be unleashed that checks the target's system for various holes in its security system. If a hole is found, the program will open a communications channel with the hackers and then the "really serious attack programs" can infect the targeted company's computer system.
The goal is to plant a Trojan or a virus on the machine. The first program just sets up contact. Then the attacker can sit outside and download damaging code.
This appears to be an advanced version of a fairly typical Trojan horse attack. Once a keylogger is in place, hackers can record a user's every move, including the passwords they enter. The next step is to extract a password, and soon enough the targeted firm has a big, gaping information hole. Pretorius suggested the hackers may have been after intellectual property, and that is probably the case.
It shouldn't be all that surprising: IP theft is big business, after all. Globally, the direct impacts of IP theft have been estimated at over $350 billion in losses annually. This beats out the entirety of the global drug market ($320 billion, according to a popular UN report).
Norway's been here before. A 2011 malware attack against the country's energy firms netted user names, passwords, industrial drawings, and contracts. The social engineering-based hacking methods then were much the same, likewise involving individually crafted email bait, a method known as spearphishing.
Things in 2014 are a bit different, however. Over the past couple of years Statoil has been pursuing a partnership with the Russian state oil company Rosneft. Just last week, Statoil officials announced that the Norwegian firm will stand by this arrangement, which includes a joint exploration mission in Norway's Barents Sea, even as tensions between Russia and the West continue to escalate. Increased sanctions will likely slow some of the joint venture's upcoming projects, but perhaps it's also worth considering how some might interpret a deal between Statoil and a nation doubling down on its anti-Europe pose.
Statoil has plenty of other enemies, of course, including the usual anti-oil/anti-gas blocs but also indigenous and environmental groups who have deep stakes in blocking the energy firm's myriad drilling operations and/or potential operations. All that said, money persists over politics, and Occam's razor will lead us back where we started: regular old stealing for profit.