Russian Hackers Target Norwegian Dam


Also: Spain Resists Pressure to Oust Huawei, North Korean Kimsuky Data Leaked


The Information Security Media Group (ISMG) regularly compiles significant cybersecurity incidents from around the globe. This week, Russian hackers reportedly took control of flooding mechanisms at a dam in Norway, and Spain sidestepped international pressure concerning Huawei’s involvement in its 5G security. Additionally, hackers leaked sensitive North Korean Kimsuky data, Microsoft addressed a critical Kerberos vulnerability, and a security researcher received a lucrative bounty for a flaw discovered in Chrome.


Russian Hackers Target Norwegian Dam

Norwegian Police Service officials disclosed that in April, Russian hackers remotely accessed a flood gate at the Risevatnet dam in Bremanger, northwest Norway. PST chief Beate Gangås reported that the flood gate was manipulated to release nearly 500 liters of water per second for four hours. The incident was discussed at a hybrid warfare conference where intelligence leaders cited escalating Russian aggression as a prominent threat.

While no flooding or injuries resulted from this incident, the implications are significant. The Norway-Russia border stretches for 123 miles and has seen increased tensions since Russia’s invasion of Ukraine. Analysts believe that such cyber operations are part of Russia’s broader hybrid tactics aimed at destabilizing European nations and shaping their responses to geopolitical challenges. Officials predict further sabotage against critical infrastructure in Norway, especially given its reliance on hydropower.

Spain Maintains Huawei Partnership Despite International Pressure

In a recent announcement, the Spanish government acknowledged Huawei’s advisory role within a governmental body overseeing 5G network security. The acknowledgment comes amid mounting pressure from the United States, the European Commission, and various civil society groups urging Spain to terminate a €12.3 million contract awarded to Huawei concerning the handling of legally intercepted communications.

Despite criticisms, officials insist Huawei’s role is merely advisory, similar to that of other equipment giants like Ericsson and Nokia. U.S. National Intelligence Director Tulsi Gabbard had set a deadline for Spain to reconsider the deal, citing potential ramifications for intelligence collaboration. The Spanish government has maintained its stance, promoting the contract as essential for high-quality server technology rather than for data management.

Pennsylvania Attorney General’s Office Targeted by Cyberattack

The Pennsylvania Attorney General’s Office confirmed a cyberattack that incapacitated its operational network, affecting the agency’s website, email systems, and landline phone services. Attorney General Dave Sunday stated that the office is collaborating with law enforcement to address the disruption and restore services, though no specific attackers have been identified at this time.

Analysis indicates that the scale of disruption aligns closely with characteristics typical of ransomware incidents, although no group has yet claimed responsibility. Investigations have revealed vulnerabilities in Citrix NetScaler appliances within the office’s network, suggesting that the attackers may have leveraged existing security lapses.

Data Breach Exposes Kimsuky Operations

The North Korean hacking group Kimsuky experienced a significant breach, with hackers “Saber” and “cyb0rg” releasing stolen data into the public domain. Claiming ethical motives, the duo published a leaked 8.9-gigabyte dataset that includes Kimsuky’s internal tools, military phishing records, and source code for South Korean government email systems.

This incident raises alarms not only about the exposed data but also about the operational integrity of Kimsuky, as the leak potentially provides insights into the group’s methodologies and objectives. Although some of the exposed information was already known, this release is likely to complicate Kimsuky’s operations in the short term.

Microsoft Issues Critical Security Patches

In its August Patch Tuesday, Microsoft released fixes for 107 vulnerabilities, including a critically reported zero-day in the Windows Kerberos system tracked as CVE-2025-53779. This issue presents various attack vectors and could allow authenticated users to escalate their privileges. Other vulnerabilities addressed included those allowing for administrative access in hybrid Exchange environments.

Record $250K Chrome Security Bounty Awarded

A security researcher known as “Micky” was awarded a historic $250,000 for uncovering a critical flaw in Chrome that circumvented sandbox protections. This vulnerability, located within Chrome’s Inter-Process Communication system, had the potential for substantial risks, allowing attackers to execute arbitrary code.

Additional Reporting

This article includes reporting from ISMG’s Gregory Sirico and David Perera.
