The Norwegian Police Security Service (PST) confirmed this week that pro-Russian hackers took control of a dam in Bremanger, western Norway, in April, opening a floodgate and allowing water to flow unnoticed for four hours. PST said the incident was a deliberate demonstration of Moscow’s ability to remotely compromise the country’s critical infrastructure. The attribution marks the first time Oslo has formally linked the attack to Russia, describing it as part of a broader hybrid warfare strategy aimed at causing harm and showcasing capability.
Speaking at the Arendalsuka annual national forum in the city of Arendal, Beate Gangås, head of PST, said, “Over the past year, we have seen a change in activity from pro-Russian cyber actors.” The Bremanger incident was an example of such an attack, she added. “The aim of this type of operation is to influence and to cause fear and chaos among the general population. Our Russian neighbour has become more dangerous.”
“They don’t necessarily aim to cause destruction, but to show what they are capable of,” stated Gangås. “The purpose of these kinds of actions is to exert influence and create fear or unrest in the population,” the PST chief also stated, noting that Russia has become more dangerous.
She added that “Russian intelligence services spend significant resources identifying, cultivating, and recruiting contacts in Norway. Norwegian citizens could be good sources of information for them.”
The alleged perpetrators reportedly published a three-minute video, watermarked with the name of a pro-Russian cybercriminal group, on Telegram on the day of the attack.
Norway’s National Criminal Investigation Service (Kripos) reached the same conclusion in June after reviewing videos posted by Russian hacktivists on the Telegram messaging service to demonstrate their intrusion. The agency announced at the time that another similar hacker attack was also under investigation.
At the same event, Nils Andreas Stensønes, head of the Norwegian Intelligence Service, warned that Russia remains the biggest threat to Norway’s security. While Norway is not at war with Moscow, he said Russian President Vladimir Putin continues to fuel tension through hybrid attacks targeting the entire West. Stensønes described Russia as an unpredictable neighbor and the most serious current threat facing the country.
Providing insights on the vulnerability of water utilities, Mike Hamilton, field CISO at Lumifi Cyber, wrote in an emailed statement that attacks against the water sector are increasing, and it is a nation-state issue more than a criminal issue. “Iranian actors are known to specifically target the operational technologies like programmable logic controllers that are used to open/close valves, monitor filtration and chemical injection, etc.”
Russians are reported to have recently targeted a dam operation in Norway and are equally capable. More broadly, all critical sectors are under increasing threats – the Chinese are reported to have a foothold in infrastructure and are prepared to pull that trigger at the time of their choosing.
He noted that utilities lack the resourcing to attract and retain qualified practitioners and are using more managed services to monitor networks and operational technologies as a means of minimizing the impact of successful attacks. “Funding may come from federal grants like the state and local cybersecurity grant program, but there is to date, no legislation to support this. Funding could also come from rate increases, and some public utility commissions are considering this.”
“Because of the executive order that passes responsibility for infrastructure protection and disaster management to state and local governments, states are developing all-of-state strategies for securing and monitoring infrastructure, and this includes water and waste treatment,” according to Hamilton. “The state of Hawaii, for example, is using SLCGP funding and working with a non-profit (PISCES: pisces-intl.org) to monitor local governments, public utilities, and rural healthcare. New York has leaned into regulating its critical sectors much like the sector risk management agencies (like EPA for the water sector) to circumvent the federal regulatory whipsaw we’ve been seeing.”
Hamilton highlighted that at the federal level, the Department of Energy is moving toward deploying OT monitoring in dam operations and training operators. The trend is a definite effort to monitor and aggregate events, and it’s being done mainly at the state level.
About two years ago, cyber attackers reportedly targeted multiple Norwegian government agencies. A government official confirmed that twelve ministries were affected, though the prime minister’s office and the foreign, defense, and justice ministries were spared because they operate on a separate IT platform.
