OrganisationNO

PST

Norway's Police Security Service; confirmed Norway as a Salt Typhoon telecoms victim, April 2026.

Last refreshed: 30 April 2026 · Appears in 1 active topic

Key Question

Why did Norway wait for a sixteen-agency advisory to admit Salt Typhoon had hit it?

Timeline for PST

#223 Apr

Disclosed Norway as a Salt Typhoon victim using the 16-agency advisory publication as the occasion

Cybersecurity: Threats and Defences: Norway joins the Salt Typhoon victim list

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Has Norway confirmed it was hacked by Salt Typhoon?: Yes. Norway's PST used the sixteen-agency advisory publication on 23 April 2026 to confirm that Norway is a Salt Typhoon victim, taking the confirmed public country count past nine. PST stated that Norwegian telecoms infrastructure was among the compromised systems.Source: PST / 16-agency advisory
What does Norway's PST do?: PST (Politiets sikkerhetstjeneste) is Norway's domestic security service responsible for counter-terrorism, counter-espionage, and protecting Norwegian democratic institutions. It operates under the Ministry of Justice and the Police and publishes an annual threat assessment.Source: PST
Why does the Salt Typhoon hack of Norway matter for NATO?: Norway hosts key NATO communications infrastructure. Salt Typhoon's penetration of Norwegian telecoms carriers raises the possibility that alliance command-and-control traffic was exposed to Chinese signals intelligence collection.Source: PST / NATO

Background

The Politiets sikkerhetstjeneste (PST) is Norway's domestic intelligence and security service, operating within the Norwegian National Police under the Ministry of Justice and the Police. Founded in 1937 (as the State Police, reorganised as PST in 2002), it is responsible for counter-terrorism, counter-espionage, and protecting Norwegian constitutional institutions. Unlike Norway's foreign intelligence service NSM (the National Security Authority), PST has a domestic REMIT but routinely cooperates with the NCSC, AIVD, GCHQ, and other Five Eyes-adjacent partners on state-sponsored threat tracking.

PST publishes an annual threat assessment and is Norway's lead agency for disclosing confirmed state-sponsored targeting of Norwegian entities. Its disclosures carry legal weight in Norwegian security proceedings and are treated as credible by allied services.

PST used the publication of the sixteen-agency joint advisory on 23 April 2026 to publicly confirm that Norway is a Salt Typhoon victim, taking the confirmed public country count past nine. Salt Typhoon is the US government's designation for the China-linked cluster that penetrated telecoms carriers globally to intercept lawful-intercept wiretap metadata; PST's disclosure confirms that Norwegian telecoms infrastructure carrying protected communications was among the compromised systems. The PST disclosure is the first Nordic government confirmation of Salt Typhoon victim status, and is significant because Norway's telecoms carry NATO command-and-control traffic as a member state.

Source Material

Norwegian Police Security Service PST — Norwegian Police Security Service

How the World Sees Them

NATO

Norway hosts critical NATO communications infrastructure; Salt Typhoon penetration of Norwegian telecoms raises questions about the security of alliance command traffic routed through those carriers.

China

Beijing rejects the Salt Typhoon attribution and frames PST's disclosure as participation in a Western political campaign against China's technology sector.

Norway

PST's disclosure was timed to coincide with the sixteen-agency advisory, suggesting allied coordination; it raises domestic political pressure on Norwegian telecoms operators to audit and report compromised infrastructure.

Five Eyes

PST is not a formal Five Eyes member but operates as a trusted partner; the disclosure extends Salt Typhoon attribution to a Nordic NATO ally, broadening the geopolitical pressure on Beijing.