Intel Brief: Espionage Breach at US Embassy in Oslo

Date: 31/07/2025 12:00 GMT+2

Where: 

• Oslo, Norway

Who’s involved:

• Mohamed Orahhou

• Russian and Iranian Intelligence Services

• Norwegian Authorities

• US Embassy in Oslo

What happened:

On 23/07/2025, Mohamed Orahhou, a Norwegian national in his twenties and former security guard at the US embassy in Oslo, was charged with espionage by Norwegian authorities. Allegedly, he was spying for Iran and the Russian foreign intelligence service, the SVR. The charges come after an eight-month investigation into claims that Orahhou shared private information about American diplomats and Norwegian intelligence officers. He is suspected of providing Russian and Iranian foreign intelligence officials with names, contact information, and evacuation plans for the embassy between March and November 2024. Allegedly, the information was shared at classified meetings in Norway, Turkey, and Serbia. Norwegian authorities claim that in exchange for his collaboration, Orahhou received €10,000 from Russia and 0.17 Bitcoin (at the time worth around €10,000) from Iran. The indictment also alleges that Orahhou took deliberate measures to avoid detection, including transferring part of the money he received to bank accounts belonging to family members to prevent his employers from noticing a sudden spike in his own account, and later asking them to return the funds to him. Orahhou faces up to 21 years in prison.

Analysis:

• The espionage case is one of the most serious diplomatic and national security breaches in Norway in recent years. The defendant’s access to embassy infrastructure and sensitive information once again underlines the vulnerability to foreign intelligence operations.

• Orahhou's cooperation with both Russian and Iranian intelligence suggests a coordinated joint operation, signalling emerging strategic cooperation between Moscow and Tehran in targeting Western diplomatic assets.

• The use of cash and cryptocurrency payments shows efforts to obscure financial trails, which have not been too prevalent in previous espionage cases.

• Internal security audits at NATO-aligned diplomatic locations throughout Europe may be triggered by the case, especially with reference to low-clearance employees and third-party contractors. 

• Despite the defense's claim that the leaked material was not classified, the presence of personal information and evacuation preparations raises concerns regarding the embassy staff's physical security.

  
  

Advice and Mitigation:

This case highlights the renewed threat of espionage and sabotage in today’s world. To reduce the risk of becoming the next target, there are some straightforward steps your organization should take:

• Limit access to sensitive information: Ensure that only personnel with a legitimate need-to-know have access to classified or operationally critical data. Regularly review and update access permissions.

• Strengthen personnel screening and oversight: Conduct thorough background checks, periodic re-evaluations, and monitor for behavioral red flags—especially among employees in sensitive roles or those with access to sensitive information.

• Practice discretion: Avoid discussing sensitive work-related matters in public or semi-public settings, including cafes, transit, or online forums.

• Protect personal data: Be cautious with sharing professional affiliations, job details, or travel patterns on social media or networking platforms.

• Secure communications: Use encrypted messaging apps for sensitive communication, especially if operating in security, defense, or diplomatic sectors.

• Exercise caution during travel: Be aware of risks when traveling through countries known to host intelligence operatives or serve as neutral grounds for clandestine activity.

• Report suspicious contact: Immediately report any unsolicited approaches, requests for information, or unusual interest in your professional role to your organization’s security lead or local authorities.