The company has reported the matter to the police and the national CERT, but said the breach had been detected quickly and steps had been taken to prevent future incidents, according to local reports.
Telenor has also notified Norway’s national security authority and the cyber defence unit.
The attackers used phishing emails that appeared to come from trusted contacts to trick executives into downloading malware designed to steal login credentials, emails, and personal and commercial data.
Telenor’s security director Rune Dyrlie told local media the attackers were able to download information, but it is still unclear what who was behind the attack and what they were after.
The cyber espionage attack was discovered when Telenor’s monitoring systems flagged abnormal traffic between the computers of Telenor executives and unknown IP addresses in various countries.
More on cyber espionage
- Researchers uncover advanced cyber espionage campaign
- Prolific cyber espionage group tied to the Chinese military
- RSA 2013: China not the only cyber espionage country, says Mandiant
- Dell SecureWorks uncovers cyber espionage targeting energy firms
- Security researchers discover powerful cyber espionage weapon 'Flame'
- Cyber espionage prevention strategies for your business
- US report on cyber espionage accuses China and Russia of repeated incursions
Earlier this month, Norwegian officials revealed that at least 20 sophisticated cyber attacks, apparently originating from China, were launched against high-profile organisations, according to Softpedia.
The attack highlights how even security-conscious companies are at risk from attacks that use botnets and stealthy malware, said Terry Greer-King, UK managing director for security firm Check Point.
“Our 2013 Security Report showed that 63% of private and government organisations worldwide were infected with bots that they didn’t know about,” he said.
The report also showed that 53% of those hijacked computers were infected with new malware at least once a day as a result of existing infections on their networks.
Some 70% of the bots detected in 2012, across more than 800 companies worldwide, communicated with their external command and control centres at least every two hours.
“Companies need multiple layers of protection, and security-aware employees to defend against these attacks,” said Greer-King.