Norway’s national telecoms provider Telenor has been hit by a major case of industrial espionage with attackers stealing a sizable cache of files and emails from unnamed executives, local media have reported.
According to translated reports, the company’s 20-person security team became aware of suspicious traffic from the PCs of employees to external IP addresses last Friday, which turned out to be a major data theft that turned over files, emails and passwords.
The attacks were quickly rated as serious enough to be reported to the country’s Cyberforsvaret defence service as well as the national CERT to allow for a wider national alert.
What was stolen or which employees were hacked has not been revealed.
The company believes that attacks were initiated by attachments and malicious links that installed previously unknown Trojans as part of a targeted campaign sophisticated enough to impersonate contacts known to the victims.
”It looks like those who were behind this have massive resources and a lot of competence,” said Rune Dyrlie, Telenor Norge security director in translated comments to the Aftenposten newspaper.
“It’s a huge challenge to get to the bottom of this. No matter what you do, you have to have systems that monitor the systems to watch for abnormalities.”
Despite its small-country origins, Telenor is a major global telecoms player, employing 31,000 people around the world. That size and reach alone would have made it an interesting target for attackers.
It’s not the first time Norway has been hit by industrial espionage. In 2011, the country’s energy firms reported custom Trojan attacks almost idential in design to those said to have affected Telenor in recent days.
Earlier the same year, 100 personnel in the country’s military were on the receiving end of an attempted cyber-attack. Norway is a member of NATO.