Cyberattack breaches software platform used by 12 ministries in Norway

08/08/2023 / By Oliver Young

Hackers have exploited a vulnerability linked to mobile device management systems to gather information from several organizations in Norway and breach a software platform used by 12 ministries in the country.

“This vulnerability was unique, and was discovered for the very first time here in Norway. If we had released the information about the vulnerability too early, it could have contributed to it being misused elsewhere in Norway and in the rest of the world,” the Norwegian National Security Authority said in a statement.

Threat actors – a term used for hackers often sponsored by a government – targeted Ivanti Endpoint Manager Mobile to collect information since at least April.

“Mobile device management systems are attractive targets for threat actors because they provide elevated access to thousands of mobile devices,” the U.S. Cybersecurity and Infrastructure Security Agency and Norway’s National Cyber Security Center said.

Ivanti released patches for the vulnerabilities on July 23 and July 28.

This kind of attack is what the group called Cult of the Dead Cow is trying to stop. The group has been known for distributing hacking tools and shaming software companies into improving their security.

Just recently, it developed a coding framework that can be used by app developers who are willing to embrace strong encryption. It is meant to give users of messaging and social networking apps a safer environment.

Veilid seeks to protect personal data of users

Called Veilid, the code can be used by developers to build applications for mobile devices or the web. Those apps will pass fully encrypted content to one another using the Veilid protocol. The network will get faster as more devices join and share the load – just like the file-sharing software BitTorrent, which distributes different pieces of the same content simultaneously.

In such decentralized “peer-to-peer” networks, users download data from one another instead of from a central machine. This means the apps won’t be able to keep the personal data of users.

This effort seeks to provide a foundation for messaging, file sharing and even social networking apps without harvesting any data and secured by the kind of end-to-end encryption that makes interception hard even for governments.

The downside to this is that programmers may be reluctant to design apps compatible with Veilid due to limited earning potential. The potential revenue streams are limited by the inability to collect detailed information that has become a primary method for distributing targeted ads or pitching a product to a specific set of users.

But it provides a stronger defense against hackers who are trying to spy on or steal personal information from mobile users.

“It’s great that people are developing an end-to-end encryption framework for everything,” said Cindy Cohn, executive director of the nonprofit Electronic Frontier Foundation. “We can move past the surveillance business model.”

Veilid is the most significant release in more than a decade from Cult of the Dead Cow, the longest-running and most influential U.S. hacking group.

Christien Rioux, a prominent member of the group and co-founder of two-billion-dollar company Veracode, wrote the vast majority of the more than 100,000 lines of code in the Veilid framework.

Visit CyberWar.news for more news about cyberattacks happening around the world.

Watch InfoWars founder Alex Jones as he issues a cyberattack warning.

This video is from the EARTH SHAKING NEWS channel on Brifhteon.com.