Attack On Denmark's Critical Infrastructure

Uploaded on 2023-11-30 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Hackers identified to be working at the direction of Russia’s GRU military intelligence agency carried out a series of highly coordinated cyber attacks on Danish energy infrastructure in the spring of this year. 

A new report from Denmark's SektorCERT  has identified attacks on more than twenty energy companies in Denmark during May 2023, which forced several of them to disable their Internet connections. 

SektorCERT is a non-profit cyber security centre for critical sectors in Denmark, described these attacks as the biggest national cyber incident to date.

"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace... The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target." according to the report.

SektorCERT found evidence connecting one or more attacks to operatives connected to Russia's GRU, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on analysis of communications across IP addresses that have been traced to Russian hackers. 

The report says that zero-day vulnerabilities in Zyxel firewalls used by many Danish infrastructure operators to protect their networks were exploited. Most of the attacks were possible because the companies had not updated their firewalls. 

In case the hackers had chosen to turn off power from the infrastructure they had gained control of, as many as 100,000 people in Denmark could have been left without either electricity or heating.

Fortunately, the attack was quickly discovered, security gaps were closed and the companies’ customers were not affected. However, in so doing, several companies had to go into off-grid mode to isolate their systems and prevent the spread of the attack. 

“The attackers knew in advance who they were going to target and got it right every time. Denmark is constantly under attack. But it is unusual that we see so many concurrent, successful attacks against the critical infrastructure,” SektorCERT said.

Eleven Danish companies were immediately compromised in a simultaneous attack that prevented the energy firms from warning others about the attack. SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers.

Thay are almost certainly linked to the GRU's Unit 74455, also known as Sandworm. The state-sponsored hacker collective is probably best known for sustained attacks on critical infrastructure in Ukraine. 

In another recent report from the US cyber security company, Mandiant, identified how this hacking group used novel techniques to conduct a targeted attack on a Ukrainian power substation in late 2022, demonstrating the latest evolution in Russia’s cyber physical attack capability.

These have been increasingly evident visible since Russia’s attempted invasion of Ukraine and suggest a growing maturity of Russia’s offensive techniques against Operating Technology (OT), which comprise a range of powerful capabilities to attack critical infrastructure.

SektorCERT:     Mandiant:     Bloomberg:      Infosecurity Magazine:   Resecurity:   Hacker News:   Cybernews

Image: Ed White

Four Key Cybersecurity Trends For Industrial Companies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Supply Chain Attack On British Law Firms
The Global Effects Of The Internet On Society »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Armexa

Armexa

Armexa is a leading provider of advanced industrial cybersecurity solutions that protect your critical OT and ICS infrastructure against ever-changing threats.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Mobb

Mobb

Mobb's AI-powered technology automates vulnerability remediations to significantly reduce security backlogs and free developers to focus on innovation.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Affinity Technology Partners

Affinity Technology Partners

Affinity Technology Partners has been fueling the growth of Nashville, Tennessee businesses and nonprofits with reliable IT services since 2002.

Consortium

Consortium

Consortium goes beyond products and promises by working with enterprises to identify, acquire, and deploy cybersecurity solutions that matter.

Charm Security

Charm Security

Charm Security is an AI-powered customer security platform that protects organizations and their customers from scams, social engineering, and human-centric fraud.

Cybermate

Cybermate

Cybermate is the first affordable, gamified ‘Psybersecurity’ awareness training platform that reduces behavioural risk and achieves compliance with Australian cybersecurity standards.

Prismo Systems

Prismo Systems

Prismo provides a unified platform to secure software development across the entire SDLC and deployment on any cloud or on-premises infrastructure.