The Norwegian intelligence agency (PST) said the likely perpetrators were the Fancy Bear collective — a group regularly accused of attacks including on the US election — but there was not enough evidence to pursue charges.
A “vast” cyberattack on August 24th gained access to the emails of some MPs and parliamentary employees, officials announced at the time, without speculating on the identity of the attackers.
Norwegian Foreign Minister Ine Eriksen Søreide later accused Russia of being behind the attack, and PST investigators have now strengthened her claims.
“The investigation shows that the network operation which the Storting (Norwegian parliament) was subjected to was part of a broader national and international campaign that has been going on since at least 2019,” PST said in a statement.
“Analyses show that it is likely that the operation was led by a cyber actor … known as APT28 or Fancy Bear. This actor has ties to GRU, Russia's military intelligence agency.”
Using a method known as a “brute force attack”, where multiple passwords and usernames are submitted with the hope of eventually getting the right combination, the hackers were able to download “sensitive” information, PST said.
“The investigation has however not yielded enough elements to bring charges,” it said in a statement.
Russia's embassy in Norway has yet to comment on the PST findings, but in October it lambasted Eriksen Søreide's accusation as “unacceptable”.
“We consider this a serious and wilful provocation, destructive for bilateral relations,” the embassy said on its Facebook page at the time.
While relations are generally good between NATO member Norway and Russia, who share a border in the Far North, several espionage cases on both sides have soured relations in recent years.
Norway's intelligence agency regularly singles out Russia as one of the country's main espionage threats alongside Iran and China.