Telenor
Company Details
Linkedin ID:
telenor-group
Website:
Employees number:
22,731
Number of followers:
521,666
NAICS:
517
Industry Type:
Homepage:
telenor.com
IP Addresses:
11
Company ID:
TEL_2710109
Scan Status:
Completed
Telenor Company CyberSecurity Posture
telenor.com
EMPOWERING SOCIETIES. CONNECTING YOU TO WHAT MATTERS MOST. Telenor Group is a leading telecommunications company across the Nordics and Asia with 158 million subscribers and annual sales of around NOK 99 billions (2022). We are committed to responsible business conduct and driven by the ambition of empowering societies. Connectivity has been Telenor’s domain for more than 165 years, and our purpose is to connect our customers to what matters most. We have four behaviours that guide the way we work: • Always Explore. We believe growth comes from learning every day. We’re curious and we dare to challenge, test, fail fast and pivot. • Create together. We believe diverse teams find better solutions. We seek different perspectives, share, involve and help each other succeed. • Keep promises. We believe that trust is key in all our relationships. We take ownership and pride in delivering with precision and integrity. • Be respectful. We believe in the unique human ability to understand what matters for people. We meet everyone at eye level, listen and show that we care. Telenor is listed at Oslo Stock Exchange under the ticker TEL. For more information, please visit www.telenor.com.
Telenor A.I CyberSecurity Scoring
Telenor Risk Score (AI oriented)Between 750 and 799
Telenor
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Telenor Global Score (TPRM)XXXX
Telenor
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Telenor Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Space Norway (operator of the Svalbard Undersea Cable System)
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: In January 2022, Space Norway’s Svalbard Undersea Cable System the world’s northernmost subsea fiber-optic cables connecting mainland Norway to the Svalbard archipelago suffered deliberate sabotage. The damage occurred in a deep-sea section (980ft to 9,000ft depth) where cables are typically buried six feet below the seabed, yet were severed by suspected Russian hybrid warfare tactics. Norwegian police confirmed 'human impact' as the cause, while open-source investigations revealed Russian trawlers made over a dozen passes over the cable route before the outage. Though redundant systems prevented service disruption for Svalbard’s users (including critical Arctic research stations and satellite ground stations), the attack demonstrated vulnerabilities in NATO’s northern infrastructure. The incident aligned with broader Russian strategies to test allied responses, disrupt communications, and exploit undersea infrastructure as a geopolitical pressure point. No perpetrators were prosecuted due to lack of direct evidence, but the pattern mirrored other Baltic Sea cable sabotage linked to Russia’s shadow fleet, reinforcing concerns over critical infrastructure resilience in the High North.
Telenor Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Telenor
Incidents vs Telecommunications Industry Average (This Year)
No incidents recorded for Telenor in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Telenor in 2026.
Incident Types Telenor vs Telecommunications Industry Avg (This Year)
No incidents recorded for Telenor in 2026.
Incident History — Telenor (X = Date, Y = Severity)
Telenor cyber incidents detection timeline including parent company and subsidiaries
Telenor Company Subsidiaries
EMPOWERING SOCIETIES. CONNECTING YOU TO WHAT MATTERS MOST. Telenor Group is a leading telecommunications company across the Nordics and Asia with 158 million subscribers and annual sales of around NOK 99 billions (2022). We are committed to responsible business conduct and driven by the ambition of empowering societies. Connectivity has been Telenor’s domain for more than 165 years, and our purpose is to connect our customers to what matters most. We have four behaviours that guide the way we work: • Always Explore. We believe growth comes from learning every day. We’re curious and we dare to challenge, test, fail fast and pivot. • Create together. We believe diverse teams find better solutions. We seek different perspectives, share, involve and help each other succeed. • Keep promises. We believe that trust is key in all our relationships. We take ownership and pride in delivering with precision and integrity. • Be respectful. We believe in the unique human ability to understand what matters for people. We meet everyone at eye level, listen and show that we care. Telenor is listed at Oslo Stock Exchange under the ticker TEL. For more information, please visit www.telenor.com.
Loading...
Telenor Similar Companies
Ooredoo Group
We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob
Vivo (Telefônica Brasil)
Vivo (Telefônica Brasil) is part of the Telefónica Group and with more than 94 million customers, of which 75 million mobile and 19 million fixed, we are the largest telecommunications company in Brazil, with nationwide presence and a complete, convergent portfolio of products, combining fixed, mobi
yes
תכירו את השחקנים הראשיים שלנו: העובדות והעובדים. אנחנו לא עובדים עם תסריט קבוע, חושבים מחוץ לקופסא, ומייצרים ז'אנר משלנו. כש-יס קמה, בשנת 1998, הבאנו את בשורת הלווין אל עולם שידורי הטלוויזיה והיינו הראשונים להציע שידורים דיגיטליים ושירותי טלוויזיה אינטראקטיביים - כשבחירת התכנים היא בידיים של הלקוח
Zain Group
Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Sa
Proximus Group
Proximus Group is a provider of future-proof connectivity, IT and digital services, headquartered in Brussels. The Group is actively engaged in building a connected world that people trust, so society blooms. The Domestic segment is focused on providing state-of-the art telecommunications and IT se
Cox Communications is committed to creating more moments of real human connection. We bring people closer to family and friends through technology that’s inspired by a culture that puts people first, and we’re always working to improve life in the communities we serve. Our world-class broadband appl
TIM Brasil
A TIM é a empresa de telefonia móvel que mais cresce no Brasil. Atualmente, possui mais de 13 mil colaboradores em todo o país que trabalham entregando serviços inovadores e de qualidade em telefonia móvel, fixa e internet banda larga. É uma companhia feita de pessoas criativas, com energia real
Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains – telecom networks, IT, smart devices, and cloud services – we are committed to bringing digital to every person, home and organi
Telstra
We believe it’s people who give purpose to our technology. So we’re committed to staying close to our customers and providing them the best experience. And delivering the best tech. On the best network. Because our purpose is to build a connected future so everyone can thrive. We build techno
.png)
Telenor CyberSecurity News
December 31, 2025 08:00 AM
PTCL Secures Complete Control of Telenor Pakistan and Orion Towers After Deal Closure
Pakistan Telecommunication Company Limited (PTCL) has officially completed the acquisition of 100% shareholding of Telenor Pakistan...
December 12, 2025 07:54 PM
There’s no time to waste
In a world where everything and everyone is connected, the Nordic digital security landscape has grown more complex and uncertain.
December 04, 2025 10:25 AM
PTA Imposes Stringent Safeguards as PTCL Gets Conditional Approval to Acquire Telenor Pakistan
PTA approves PTCL's bid to acquire Telenor Pakistan with strict conditions to protect consumers, competition and network quality.
December 02, 2025 08:00 AM
Pakistan Unlocks AI Potential with Local Data Centre
Pakistan AI data centre launches to boost artificial intelligence adoption in healthcare, finance, agriculture, and public safety. Telenor...
December 02, 2025 08:00 AM
Pakistan’s AI potential being unlocked with local data centre
Powered by Nvidia enterprise-grade GPUs, data centre to boost artificial intelligence adoption, improve cybersecurity by keeping data within...
November 27, 2025 08:00 AM
Telenor Pakistan and Data Vault launch nation’s first AI-Ready Sovereign Cloud
Telenor Pakistan has partnered with Data Vault Pakistan to launch the nation's first AI-Ready Sovereign Cloud, providing secure,...
November 19, 2025 02:58 AM
Tele2, Telenor JV Net4Mobility Secures 1800 MHz Spectrum to Boost 4G & 5G in Sweden
Tele2 and Telenor, through their joint network company Net4Mobility (N4M), have secured new spectrum in the 1800 MHz band in the spectrum auction conducted...
November 11, 2025 06:54 AM
Telenor Pakistan’s Market Share Slips Ahead of PTCL Merger as Jazz, Zong Strengthen
Telenor's share dips to 21.75% before merger with PTCL, while Jazz and Zong expand dominance in Pakistan's telecom market.
November 09, 2025 08:00 AM
Cybersecurity Fears Rise Over Yutong Electric Buses Worldwide
On November 7, 2025, the world of public transportation found itself at the intersection of innovation and vulnerability.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Telenor CyberSecurity History Information
Official Website of Telenor
The official website of Telenor is http://www.telenor.com/.
Telenor’s AI-Generated Cybersecurity Score
According to Rankiteo, Telenor’s AI-generated cybersecurity score is 794, reflecting their Fair security posture.
How many security badges does Telenor’ have ?
According to Rankiteo, Telenor currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Telenor been affected by any supply chain cyber incidents ?
According to Rankiteo, Telenor has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Telenor have SOC 2 Type 1 certification ?
According to Rankiteo, Telenor is not certified under SOC 2 Type 1.
Does Telenor have SOC 2 Type 2 certification ?
According to Rankiteo, Telenor does not hold a SOC 2 Type 2 certification.
Does Telenor comply with GDPR ?
According to Rankiteo, Telenor is not listed as GDPR compliant.
Does Telenor have PCI DSS certification ?
According to Rankiteo, Telenor does not currently maintain PCI DSS compliance.
Does Telenor comply with HIPAA ?
According to Rankiteo, Telenor is not compliant with HIPAA regulations.
Does Telenor have ISO 27001 certification ?
According to Rankiteo,Telenor is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Telenor
Telenor operates primarily in the Telecommunications industry.
Number of Employees at Telenor
Telenor employs approximately 22,731 people worldwide.
Subsidiaries Owned by Telenor
Telenor presently has no subsidiaries across any sectors.
Telenor’s LinkedIn Followers
Telenor’s official LinkedIn profile has approximately 521,666 followers.
NAICS Classification of Telenor
Telenor is classified under the NAICS code 517, which corresponds to Telecommunications.
Telenor’s Presence on Crunchbase
No, Telenor does not have a profile on Crunchbase.
Telenor’s Presence on LinkedIn
Yes, Telenor maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/telenor-group.
Cybersecurity Incidents Involving Telenor
As of January 21, 2026, Rankiteo reports that Telenor has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Telenor has an estimated 9,783 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Telenor ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does Telenor detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with nato operation baltic sentry (2024), incident response plan activated with finnish national bureau of investigation (estlink 2 case), incident response plan activated with norwegian police (svalbard cable investigation), and third party assistance with marinetraffic (ship tracking data), third party assistance with open-source intelligence (osint) for trawler movements, and and containment measures with detention of *eagle s* vessel (later released), containment measures with increased maritime patrols (nato assets), and remediation measures with cable repairs (status unspecified), remediation measures with nato-industry collaboration for infrastructure resilience, and recovery measures with swedish military exercises (counter-sabotage drills), recovery measures with enhanced surveillance of undersea cables, and communication strategy with public statements by nato secretary general mark rutte, communication strategy with media interviews with lithuanian fm gabrielius landsbergis, communication strategy with cbs news investigative reports, and enhanced monitoring with nato naval drones and aircraft patrols, enhanced monitoring with national surveillance assets (unspecified)..
Incident Details
Can you provide details on each incident ?
Title: Alleged Russian Sabotage of Undersea Cables in the Baltic Sea (2022–2024)
Description: A series of suspected sabotage incidents targeting undersea fiber optic cables in the Baltic Sea, allegedly linked to Russian hybrid warfare tactics. The cables, critical for global internet traffic, financial transactions, and military communications, were damaged in multiple instances, including drag marks from anchors and loitering vessels. Finland, Estonia, Norway (Svalbard), and other Baltic NATO members reported disruptions, with Russia denying involvement. The incidents are part of broader hybrid warfare tactics, including cyberattacks, infrastructure sabotage, and espionage, aimed at testing NATO resolve and intimidating regional populations. NATO launched 'Baltic Sentry' in 2024 to counter these threats.
Date Detected: 2022-01-07
Date Publicly Disclosed: 2022-02-00
Type: Physical Sabotage
Attack Vector: Anchor Dragging (Ships/Trawlers)Underwater Sabotage (Unconfirmed Explosives)Loitering Near Cable RoutesPlausible Deniability via 'Shadow Fleet' Vessels
Vulnerability Exploited: Shallow Depth of Baltic Sea (Ease of Anchor Damage)Unburied or Lightly Buried Cables in Steep TerrainLack of Real-Time Monitoring for Undersea InfrastructureGeopolitical Tensions (NATO Expansion, Ukraine War)
Threat Actor: Primary: Russian State-Affiliated Actors (Alleged)Secondary: ["Russian 'Shadow Fleet' Vessels (e.g., *Eagle S*)", 'Russian Fishing Trawlers (Svalbard Incident)', 'Ukrainian Citizens Linked to Russian Intelligence (Poland Rail Sabotage)']Denial: Russia denies all allegations, labeling them 'Russophobia'
Motivation: Intimidation of Baltic States and NATO AlliesTesting NATO Unity and Response CapabilitiesDisruption of Critical Infrastructure as Hybrid Warfare TacticRetaliation for Western Support of UkrainePotential Prelude to Larger Military Escalation
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Anchor Drag Marks (Physical Damage)Vessel Loitering Near Cable Routes (Reconnaissance).
Impact of the Incidents
What was the impact of each incident ?
Incident : Physical Sabotage SPA0002100112125
Systems Affected: Estlink 2 (Finland-Estonia Power/Telecom Cable)Svalbard Undersea Cable System (Norway)Unspecified Telecom Cables in Gulf of Finland
Downtime: [{'system': 'Estlink 2', 'duration': 'Partial outage (Christmas 2024)', 'restoration': 'Unknown'}, {'system': 'Svalbard Cable', 'duration': 'Jan 7, 2022 (Redundant cable prevented service loss)', 'restoration': 'Investigation closed (no evidence)'}]
Operational Impact: Reduced Interconnectivity Between Finland and EstoniaIncreased NATO Maritime Patrols (Operation Baltic Sentry)Swedish Military Exercises for Counter-Sabotage
Brand Reputation Impact: Erosion of Trust in Undersea Infrastructure ResiliencePerception of NATO Vulnerability to Hybrid Threats
Legal Liabilities: Finnish Criminal Charges Against *Eagle S* Crew (Dismissed on Appeal)
Which entities were affected by each incident ?
Incident : Physical Sabotage SPA0002100112125
Entity Name: Finland
Entity Type: Government
Industry: Critical Infrastructure (Energy/Telecom)
Location: Baltic Sea (Gulf of Finland)
Size: National
Customers Affected: Partial outage for Finland-Estonia connectivity
Incident : Physical Sabotage SPA0002100112125
Entity Name: Estonia
Entity Type: Government
Industry: Critical Infrastructure (Energy/Telecom)
Location: Baltic Sea (Gulf of Finland)
Size: National
Customers Affected: Partial outage for Finland-Estonia connectivity
Incident : Physical Sabotage SPA0002100112125
Entity Name: Norway (Space Norway)
Entity Type: State-Owned Enterprise
Industry: Telecommunications
Location: Greenland Sea (Svalbard Cable)
Size: National
Customers Affected: No service loss (redundant cable)
Incident : Physical Sabotage SPA0002100112125
Entity Name: NATO
Entity Type: Military Alliance
Industry: Defense/Critical Infrastructure Protection
Location: Baltic Sea Region
Size: Multinational
Customers Affected: Increased operational burden (Baltic Sentry)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Physical Sabotage SPA0002100112125
Incident Response Plan Activated: ['NATO Operation Baltic Sentry (2024)', 'Finnish National Bureau of Investigation (Estlink 2 Case)', 'Norwegian Police (Svalbard Cable Investigation)']
Third Party Assistance: Marinetraffic (Ship Tracking Data), Open-Source Intelligence (Osint) For Trawler Movements.
Containment Measures: Detention of *Eagle S* Vessel (Later Released)Increased Maritime Patrols (NATO Assets)
Remediation Measures: Cable Repairs (Status Unspecified)NATO-Industry Collaboration for Infrastructure Resilience
Recovery Measures: Swedish Military Exercises (Counter-Sabotage Drills)Enhanced Surveillance of Undersea Cables
Communication Strategy: Public Statements by NATO Secretary General Mark RutteMedia Interviews with Lithuanian FM Gabrielius LandsbergisCBS News Investigative Reports
Enhanced Monitoring: NATO Naval Drones and Aircraft PatrolsNational Surveillance Assets (Unspecified)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as NATO Operation Baltic Sentry (2024), Finnish National Bureau of Investigation (Estlink 2 Case), Norwegian Police (Svalbard Cable Investigation), .
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through MarineTraffic (Ship Tracking Data), Open-Source Intelligence (OSINT) for Trawler Movements, .
Data Breach Information
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Cable Repairs (Status Unspecified), NATO-Industry Collaboration for Infrastructure Resilience, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by detention of *eagle s* vessel (later released), increased maritime patrols (nato assets) and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Swedish Military Exercises (Counter-Sabotage Drills), Enhanced Surveillance of Undersea Cables, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Physical Sabotage SPA0002100112125
Legal Actions: Finnish Criminal Case Against *Eagle S* Crew (Dismissed),
Regulatory Notifications: NATO Coordination Under Article 5 (Potential Future Trigger)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Finnish Criminal Case Against *Eagle S* Crew (Dismissed), .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Physical Sabotage SPA0002100112125
Lessons Learned: Undersea Cables Are Vulnerable to Physical Sabotage in Shallow Waters, Hybrid Warfare Blurs Lines Between Cyber, Physical, and Psychological Attacks, Plausible Deniability via 'Shadow Fleet' Complicates Attribution, NATO Unity Is Critical to Deterring Further Escalation, Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables)
What recommendations were made to prevent future incidents ?
Incident : Physical Sabotage SPA0002100112125
Recommendations: Increase Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage IncidentsIncrease Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios, Expand Maritime Domain Awareness in the Baltic Sea, Develop Rapid-Response Protocols for Cable Sabotage Incidents
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Undersea Cables Are Vulnerable to Physical Sabotage in Shallow Waters,Hybrid Warfare Blurs Lines Between Cyber, Physical, and Psychological Attacks,Plausible Deniability via 'Shadow Fleet' Complicates Attribution,NATO Unity Is Critical to Deterring Further Escalation,Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables).
References
Where can I find more information about each incident ?
Incident : Physical Sabotage SPA0002100112125
Source: Royal United Services Institute (RUSI)
URL: https://rusi.org
Date Accessed: 2024-11-00
Incident : Physical Sabotage SPA0002100112125
Source: Finnish National Bureau of Investigation
URL: https://poliisi.fi
Date Accessed: 2024-10-00
Incident : Physical Sabotage SPA0002100112125
Source: Space Norway (Svalbard Cable Operator)
Date Accessed: 2022-01-00
Incident : Physical Sabotage SPA0002100112125
Source: NATO Press Release (Operation Baltic Sentry)
URL: https://www.nato.int
Date Accessed: 2024-01-00
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: CBS NewsUrl: https://www.cbsnews.comDate Accessed: 2024-11-00, and Source: Royal United Services Institute (RUSI)Url: https://rusi.orgDate Accessed: 2024-11-00, and Source: Finnish National Bureau of InvestigationUrl: https://poliisi.fiDate Accessed: 2024-10-00, and Source: Space Norway (Svalbard Cable Operator)Url: https://spacenorway.noDate Accessed: 2022-01-00, and Source: NATO Press Release (Operation Baltic Sentry)Url: https://www.nato.intDate Accessed: 2024-01-00.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Physical Sabotage SPA0002100112125
Investigation Status: [{'case': 'Estlink 2 (Finland-Estonia)', 'status': 'Criminal Charges Dismissed (Prosecutors Appealing)'}, {'case': 'Svalbard Cable (Norway)', 'status': 'Closed (Lack of Evidence)'}, {'case': 'Polish Rail Sabotage', 'status': 'Ongoing (Suspects Identified)'}]
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Statements By Nato Secretary General Mark Rutte, Media Interviews With Lithuanian Fm Gabrielius Landsbergis and Cbs News Investigative Reports.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Physical Sabotage SPA0002100112125
Stakeholder Advisories: Nato Members Urged To Enhance Critical Infrastructure Protection, Baltic States Advised To Diversify Connectivity Routes, Energy And Telecom Sectors Warned Of Hybrid Threats.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Nato Members Urged To Enhance Critical Infrastructure Protection, Baltic States Advised To Diversify Connectivity Routes and Energy And Telecom Sectors Warned Of Hybrid Threats.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Physical Sabotage SPA0002100112125
Entry Point: Anchor Drag Marks (Physical Damage), Vessel Loitering Near Cable Routes (Reconnaissance),
Reconnaissance Period: ['Svalbard Incident: >12 Trawler Passes Before Damage', 'Eagle S: Departed Ust-Luga on Day of Outage']
High Value Targets: Estlink 2 (Finland-Estonia Interconnect), Svalbard Cable (Northernmost Subsea System), Baltic Nato Members' Limited Redundancy,
Data Sold on Dark Web: Estlink 2 (Finland-Estonia Interconnect), Svalbard Cable (Northernmost Subsea System), Baltic Nato Members' Limited Redundancy,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Physical Sabotage SPA0002100112125
Root Causes: Geopolitical Tensions (Russia-Nato, Ukraine War), Physical Vulnerability Of Undersea Cables In Shallow Waters, Lack Of Unified Deterrence Against Hybrid Tactics, Plausible Deniability Via Non-State Proxy Vessels,
Corrective Actions: Nato Operation Baltic Sentry (Maritime Patrols), Finnish Appeal Of Dismissed Charges Against *Eagle S* Crew, Swedish Counter-Sabotage Military Exercises, Proposed Nato Article 5 Clarifications For Hybrid Attacks,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Marinetraffic (Ship Tracking Data), Open-Source Intelligence (Osint) For Trawler Movements, , Nato Naval Drones And Aircraft Patrols, National Surveillance Assets (Unspecified), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Nato Operation Baltic Sentry (Maritime Patrols), Finnish Appeal Of Dismissed Charges Against *Eagle S* Crew, Swedish Counter-Sabotage Military Exercises, Proposed Nato Article 5 Clarifications For Hybrid Attacks, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Primary: Russian State-Affiliated Actors (Alleged)Secondary: ["Russian 'Shadow Fleet' Vessels (e.g., *Eagle S*)", 'Russian Fishing Trawlers (Svalbard Incident)', 'Ukrainian Citizens Linked to Russian Intelligence (Poland Rail Sabotage)']Denial: Russia denies all allegations and labeling them 'Russophobia'.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2022-01-07.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2022-02-00.
Impact of the Incidents
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Estlink 2 (Finland-Estonia Power/Telecom Cable)Svalbard Undersea Cable System (Norway)Unspecified Telecom Cables in Gulf of Finland.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was marinetraffic (ship tracking data), open-source intelligence (osint) for trawler movements, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Detention of *Eagle S* Vessel (Later Released)Increased Maritime Patrols (NATO Assets).
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Finnish Criminal Case Against *Eagle S* Crew (Dismissed), .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Redundant Infrastructure Mitigates Operational Impact (e.g., Svalbard Cables).
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Develop Rapid-Response Protocols for Cable Sabotage Incidents, Expand Maritime Domain Awareness in the Baltic Sea, Deepen NATO-Industry Collaboration for Infrastructure Hardening, Increase Real-Time Monitoring of Undersea Cables with AI/ML Anomaly Detection and Clarify Thresholds for Invoking Article 5 in Hybrid Warfare Scenarios.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Space Norway (Svalbard Cable Operator), CBS News, Royal United Services Institute (RUSI), NATO Press Release (Operation Baltic Sentry) and Finnish National Bureau of Investigation.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.cbsnews.com, https://rusi.org, https://poliisi.fi, https://spacenorway.no, https://www.nato.int .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is [{'case': 'Estlink 2 (Finland-Estonia)', 'status': 'Criminal Charges Dismissed (Prosecutors Appealing)'}, {'case': 'Svalbard Cable (Norway)', 'status': 'Closed (Lack of Evidence)'}, {'case': 'Polish Rail Sabotage', 'status': 'Ongoing (Suspects Identified)'}].
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was NATO Members Urged to Enhance Critical Infrastructure Protection, Baltic States Advised to Diversify Connectivity Routes, Energy and Telecom Sectors Warned of Hybrid Threats, .
Initial Access Broker
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Svalbard Incident: >12 Trawler Passes Before DamageEagle S: Departed Ust-Luga on Day of Outage.
.png)
Latest Global CVEs (Not Company-Specific)
Description
SummaryA command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. Root causeThe commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution. ImpactThis vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to: * Run any shell command. * Exfiltrate environment variables. * Compromise the CI runner to install backdoors or modify build artifacts. Credits Disclosed responsibly by kny4hacker. Mitigation * Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher. * Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher. * Users on Wrangler v2 (EOL) should upgrade to a supported major version.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).
Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=telenor-group' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
