Attack On Denmark's Critical Infrastructure

Uploaded on 2023-11-30 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Hackers identified to be working at the direction of Russia’s GRU military intelligence agency carried out a series of highly coordinated cyber attacks on Danish energy infrastructure in the spring of this year. 

A new report from Denmark's SektorCERT  has identified attacks on more than twenty energy companies in Denmark during May 2023, which forced several of them to disable their Internet connections. 

SektorCERT is a non-profit cyber security centre for critical sectors in Denmark, described these attacks as the biggest national cyber incident to date.

"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace... The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target." according to the report.

SektorCERT found evidence connecting one or more attacks to operatives connected to Russia's GRU, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on analysis of communications across IP addresses that have been traced to Russian hackers. 

The report says that zero-day vulnerabilities in Zyxel firewalls used by many Danish infrastructure operators to protect their networks were exploited. Most of the attacks were possible because the companies had not updated their firewalls. 

In case the hackers had chosen to turn off power from the infrastructure they had gained control of, as many as 100,000 people in Denmark could have been left without either electricity or heating.

Fortunately, the attack was quickly discovered, security gaps were closed and the companies’ customers were not affected. However, in so doing, several companies had to go into off-grid mode to isolate their systems and prevent the spread of the attack. 

“The attackers knew in advance who they were going to target and got it right every time. Denmark is constantly under attack. But it is unusual that we see so many concurrent, successful attacks against the critical infrastructure,” SektorCERT said.

Eleven Danish companies were immediately compromised in a simultaneous attack that prevented the energy firms from warning others about the attack. SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers.

Thay are almost certainly linked to the GRU's Unit 74455, also known as Sandworm. The state-sponsored hacker collective is probably best known for sustained attacks on critical infrastructure in Ukraine. 

In another recent report from the US cyber security company, Mandiant, identified how this hacking group used novel techniques to conduct a targeted attack on a Ukrainian power substation in late 2022, demonstrating the latest evolution in Russia’s cyber physical attack capability.

These have been increasingly evident visible since Russia’s attempted invasion of Ukraine and suggest a growing maturity of Russia’s offensive techniques against Operating Technology (OT), which comprise a range of powerful capabilities to attack critical infrastructure.

SektorCERT:     Mandiant:     Bloomberg:      Infosecurity Magazine:   Resecurity:   Hacker News:   Cybernews

Image: Ed White

Four Key Cybersecurity Trends For Industrial Companies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Supply Chain Attack On British Law Firms
The Global Effects Of The Internet On Society »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

CSIRT-IE

CSIRT-IE

CSIRT-IE is the body within the NCSC that provides assistance to constituents in responding to cyber security incidents at a national level for Ireland.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

xMatters

xMatters

xMatters is a digital service availability platform that helps enterprises prevent, manage, and resolve IT incidents before they can become business problems.

Digitale Gründerinitiative Oberpfalz (DGO)

Digitale Gründerinitiative Oberpfalz (DGO)

Digital Founder Initiative Oberpfalz's goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

PCCW Global

PCCW Global

PCCW Global is a leading communications service provider, offering mobility, voice and data solutions to multinational enterprises, telecomms partners, cloud and application service providers.

Defence Innovation Accelerator for the North Atlantic (DIANA)

Defence Innovation Accelerator for the North Atlantic (DIANA)

The NATO DIANA accelerator programme is designed to equip businesses with the skills and knowledge to navigate the world of deep tech, dual-use innovation.

SyberFort

SyberFort

SyberFort offers a suite of SAAS-based platforms designed to fortify your digital defenses including Threat Intelligence and Brand Protection.

ArmorX AI

ArmorX AI

ArmorX AI (formerly Kapalya) operates an encryption management platform designed to encrypt all data in transit and at rest on mobile end-points, corporate servers, and cloud servers.