
Norwegian Security and Service Organisation
Norwegian government organisation; earlier victim of Ivanti EPMM zero-days; precedent for May 2026 CVE-2026-6973.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Three years after Norway's Ivanti breach, why are governments still using the same vulnerable MDM software?
Timeline for Norwegian Security and Service Organisation
Named as prior victim of Ivanti EPMM zero-days in the same product line
Cybersecurity: Threats and Defences: Ivanti EPMM logs fourth KEV zero-day since 2023Was the Norwegian government hacked through Ivanti EPMM?
What is the Norwegian Security and Service Organisation?
What is CVE-2026-6973 in Ivanti EPMM and why does it affect Norway?
Background
The Norwegian Security and Service Organisation (NSSO) is a Norwegian government body responsible for managing shared services and security for the Norwegian Parliament (Storting) and government ministries. In 2023, the NSSO was one of the first publicly confirmed victims of a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), an attack that compromised internal government ministry networks. The incident became a landmark case in the record of Ivanti EPMM zero-day exploitation.
The 2023 NSSO compromise was attributed to a threat actor exploiting CVE-2023-35078, the first of what would become a series of Ivanti MDM zero-days. Norway's National Security Authority (NSM) and the NSSO responded publicly, making it one of the highest-profile government disclosures in the EPMM zero-day series. The incident informed subsequent Ivanti security guidance and contributed to the Norwegian government's calls for vendor accountability in Mobile Device Management security.
By May 2026, CVE-2026-6973 in Ivanti EPMM became the fourth such vulnerability to reach CISA's KEV catalogue since 2023. The NSSO's earlier experience establishes why government agencies' use of Ivanti EPMM is a persistent strategic vulnerability, particularly for organisations managing mobile access to classified or sensitive government systems.