Hackers unleash torrent from Norwegian dam, releasing 132 gallons per second for four hours

Skye Jacobs

In a nutshell: Norwegian authorities have officially attributed a recent cyberattack on a dam in Bremanger, Norway, to Russia, raising concerns over sabotage targeting critical infrastructure across Europe. The incident marks the first time Oslo has formally linked such an attack to pro-Russian actors.

In April, hackers remotely accessed the Bremanger dam's digital controls, which manage fish farming operations, and opened a valve. Reuters notes that the attack released 132 gallons of water per second for four continuous hours before authorities detected and stopped the breach.

While authorities report that no injuries or material damage resulted from the two-million-gallon deluge, intelligence agencies said the operation was part of a broader campaign aimed at intimidating and unsettling the general population.

"Our Russian neighbour has become more dangerous," said Beate Gangås, head of Norway's Police Security Service, who spoke at a briefing on hybrid attacks.

Technical evidence of the attack appeared in a three-minute video posted to Telegram, watermarked with identifiers of a pro-Russian cybercriminal group. Police attorney Terje Nedrebø Michelsen confirmed the video's authenticity to the Norwegian Broadcasting Corporation (NRK), noting that while similar propaganda has circulated on social media, this incident represents the first confirmed breach of Norway's water infrastructure since 2022.

Kripos, Norway's organized crime unit, told national newspaper Aftenposten that the group behind the attack consists of multiple affiliated actors who have carried out several cyber operations against Western businesses in recent years. The authorities did not provide further details, leaving the specific identities of those involved unclear and underscoring the challenges of attributing cyberattacks with certainty.

Western intelligence officials have warned that sabotage campaigns attributed to Russia are becoming increasingly reckless, citing incidents of vandalism, arson, attempted assassination, and cyberattacks since Moscow's full-scale invasion of Ukraine. Last year, Britain's MI6 chief, Richard Moore, described Russia's actions as a "staggeringly reckless campaign" intended to deter European support for Ukraine, a claim Moscow continues to deny.

The Russian embassy in Oslo quickly rejected the accusations, calling them "unfounded and politically motivated" in an emailed response to Reuters. It also claimed that allegations of Russian sabotage represented a "mythical threat" concocted by Norwegian authorities in their annual February security report.

Norway is a leading gas exporter that relies primarily on hydropower for electricity and shares a 123-mile Arctic border with Russia. Intelligence services have repeatedly warned of risks to national infrastructure and power generation, highlighting the growing sophistication of foreign cyber operations. Gangås told NRK that state actors often use proxy groups to demonstrate their capabilities and then publicize these actions online, as if to say, "look what we can do if we want to."

At a recent briefing titled "Hybrid attacks against Norway: are we at war?", Gangås urged the public to stay vigilant, emphasizing that such cyber threats are likely to become more frequent in Norway and across Europe.

"I want Norwegians to be prepared," she said.

 
And now we see the full picture. The KGB tried to turn the Netherland speeding cameras back on, but ended up opening this Norwegian dam instead. That's the kind of thing that happens when you just type N and rely on autocomplete for the rest.
 
This was 99% most likely controlled by a PLC, a Siemens PLC most likely. If you are involved in the industry of PLCs you'd know the security part of it is called isolation. You keep these networks private, isolated. Any connection to the real world is done via a firewall or even a jump box.

So for something like this to happen some serious lack of proper OT was at fault.

You'd be surprised what an individual can do even if they only have access to the SCADA side. You always get these operators that want to have access to their SCADA system from their phone, but at the same time don't understand the risk of outside access.

I see this stuff all the time.
 
Russians literally ADMITTED that they did this, yet here you are making excuses for them. I assume you're either Russian or a pro-Russian propagandist.
Probably because reading an article is too hard for him to do or even writing an AI prompt to summarize an article was too hard. Maybe we need an AI to write an AI prompt for him.
 
What Russians? Why would Russians waste their time?
Technically Russia is in the exporting energy business. Putin's default is creating even a bigger monopoly on energy and bigger stronghold control over European's dependence on Russian energy.
 
Seems very dangerous to be able to control this from any part of the world. Why not limit it to the local facility?
 
What Russians? Why would Russians waste their time?
Putin funded hacker group more accurately*, not Russians in general. They were caught before trying to sabotage factories in EU that were making weapons some time ago.
It is almost certain Russia has a department which is involved in exactly this business.
But its real efficiency is questionable for the following reason: everything in Russia works through corruption. When the government funds a hacker group to cause chaos, money is not necessarily spent on it. That money is used for more useful things such as UK villas or sports cars. Which means their ability or desire to do harm to Europeans is greatly reduced. Only a fraction of funding actually goes to do something malicious as this hacking.
Had they actually cared about causing damage and chaos in EU, EU would actually start taking serious actions.
The same hackers work day and night with much more passion to scheme and steal crypto money. That is their main interest.
 
The Russian embassy in Oslo dismissed PST’s statements as "unfounded and politically motivated." https://kyivindependent.com/norway-blames-russia-for-cyberattack-on-hydropower-dam/
And the police chief’s briefing was suggesting that Norway was at war with Russia for sending resources to support Ukraine’s war effort against Russia. It was titled “Hybrid attacks against Norway: Are we at war?”

War may actually break out between Norway and Russia, and there will be endless propaganda as there is with the Ukrainian and Palestinian wars.
 
I think 132 gallons per second only counts as a "torrent" if the downstream village is the Smurf Village.
4 hours of 132 gallons per second equals around 30 tons of water per minute - and this lasted for 4 hours - that is a torrent of water.

This may not have been the worst attack in history - but next time it could be air traffic control, hospitals or whatever
 
4 hours of 132 gallons per second equals around 30 tons of water per minute - and this lasted for 4 hours - that is a torrent of water.

It's only relative.
½ ton per sec (or in other words ½ m³/s) is not so much in comparison with 4 700 m³/s during the flood of Elbe in 2002 (usual flow is only 296 m³/s).

 
It's only relative.
½ ton per sec (or in other words ½ m³/s) is not so much in comparison with 4 700 m³/s during the flood of Elbe in 2002 (usual flow is only 296 m³/s).
You got to understand that dams in Norway are usually built on top of a narrow stream from a lake (using the steep mountains on each side to create a dam). A flood covers a very large area - a few million tons of water in a narrow valley can be equally devastating.

But it was only one valve, could've been worse.
 
4 hours of 132 gallons per second equals around 30 tons of water per minute - and this lasted for 4 hours - that is a torrent of water.

This may not have been the worst attack in history - but next time it could be air traffic control, hospitals or whatever
The Fukushima tsunami was a lot of water. Ok, there's like eleven and a half people in Norway so perhaps the scale to the overall landmass is considerable. But, my cottage is on the banks of a river which passes MUCH more water than 132 gps, so I'm inclined, by personal experience, to be less than agreeable with your opinion.
Now, don't get your knickers in a bunch, I get it, I get it; NEXT time it could be bigger, yes, I agree. But, here's the real problem and also the serendipity.
1) per basic computer security practices, there's a direct and inversive relationship between security and convenience. The more convenient something is made, the less secure. To wit, utilities should NEVER be connected to the internet. So this is their opportunity to re-evaluate their apparent inability to secure their control systems - TAKE THEM OFFLINE.
2) Russians are either too foolish to demonstrate any level of self control or they're only, right now, interested in being a nuisance. If they had half a brain, they wouldn't have exploited the vulnerability now, they would have marked it and saved it. Had they waited they could have chained it with multiple attacks.
But, seemingly, they lack EQ and just HAD to show how clever they are. But, and now here's the good part, Norwegians are now aware of the vulnerability and it's likely being corrected. So, now their ability to again wreak havoc is either diminished or quashed. So, thanks Russia for being so foolish as to enact the vuln now 'cause it gets corrected before it could have been chained with other issues.
So, this brings us back to point #1 above. Simply because something CAN be networked does not make it sensible or necessary to do so. Obviously China, Russia, North Korea, Iran, and others want to annoy or damage the West's infrastructure - SO TAKE THE UTILITIES OFFLINE and it's problem solved for being attacked via that manner. If they can't hack in, then they can't remotely cause problems.
Raise the drawbridge and make them use their pointy heads to figure out how to cross the moat.
I have 100 computers in my home, but I still use sneakernet. Yes, I love the convenience and expediency of moving files over a network, it's great. But no one can hack my network, because there isn't one. No network/remote access = no threat from that attack vector.
TAKE THE UTILITIES OFFLINE so we don't have to debate whether 132 gps equates a trickle or a torrent.
 
Good wake up call.

The nature of warfare is rapidly changing and the Euros have been dulled into a sense of complacence thanks to living behind the Freedom Curtain projected by the US.

Now that Freedom Curtain is looking like it's going to be pulled back and Euros have 80 years of militarization to catch up on + another 20 if they have any hope of surviving the drone and digital warfare that will define any modern war.

Time to wake up some of those millennia of warfare cultural attitudes again.
 