Norway security service says pro-Russian hackers behind dam sabotage

Norway's domestic security agency on Wednesday accused pro-Russian hackers of carrying out a cyberattack in April that briefly compromised a dam's control system in the western municipality of Bremanger.

Speaking at the Arendalsuka political festival, Police Security Service (PST) chief Beate Gangas said the incident at the Risavatnet dam reflected an increase in cyber operations against Western targets aimed at producing "noticeable or visible results."

"In April, a dam in western Norway was subjected to such an operation. The purpose of these actions is to influence and create fear or unrest among the population," she said, according to daily VG.

The April 7 breach was detected by Breivika Eigedom, the company that owns the dam, which reported unauthorized access to a remote-control panel regulating one of the dam's valves. The access lasted nearly four hours.

"The attackers were able to adjust the water flow in the minimum flow pipe. The valve was opened to 100%, which had no consequences other than releasing 497 liters per second more water than the minimum requirement during the period," the dam's technical manager, Bjarte Steinhovden, told industry outlet Energiteknikk at the time.

Steinhovden attributed the breach to a likely weak password. The incident was initially investigated by the National Criminal Investigation Service (Kripos) before PST took over to assess whether it was part of a state-backed influence operation.

Kripos later discovered a video of the dam's control panel bearing a static watermark identifying a pro-Russian cybercriminal group. The footage was posted on Telegram the same day as the breach.

"This group brings together several actors engaged in criminal activity in the cyber domain, and they can be linked to multiple cyberattacks on companies in Western countries in recent years," Kripos prosecutor Terje Nedrebø Michelsen said.