Attack On Denmark's Critical Infrastructure

Uploaded on 2023-11-30 in INTELLIGENCE-Hot Spots-Russia, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Hackers identified to be working at the direction of Russia’s GRU military intelligence agency carried out a series of highly coordinated cyber attacks on Danish energy infrastructure in the spring of this year. 

A new report from Denmark's SektorCERT  has identified attacks on more than twenty energy companies in Denmark during May 2023, which forced several of them to disable their Internet connections. 

SektorCERT is a non-profit cyber security centre for critical sectors in Denmark, described these attacks as the biggest national cyber incident to date.

"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace... The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target." according to the report.

SektorCERT found evidence connecting one or more attacks to operatives connected to Russia's GRU, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on analysis of communications across IP addresses that have been traced to Russian hackers. 

The report says that zero-day vulnerabilities in Zyxel firewalls used by many Danish infrastructure operators to protect their networks were exploited. Most of the attacks were possible because the companies had not updated their firewalls. 

In case the hackers had chosen to turn off power from the infrastructure they had gained control of, as many as 100,000 people in Denmark could have been left without either electricity or heating.

Fortunately, the attack was quickly discovered, security gaps were closed and the companies’ customers were not affected. However, in so doing, several companies had to go into off-grid mode to isolate their systems and prevent the spread of the attack. 

“The attackers knew in advance who they were going to target and got it right every time. Denmark is constantly under attack. But it is unusual that we see so many concurrent, successful attacks against the critical infrastructure,” SektorCERT said.

Eleven Danish companies were immediately compromised in a simultaneous attack that prevented the energy firms from warning others about the attack. SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers.

Thay are almost certainly linked to the GRU's Unit 74455, also known as Sandworm. The state-sponsored hacker collective is probably best known for sustained attacks on critical infrastructure in Ukraine. 

In another recent report from the US cyber security company, Mandiant, identified how this hacking group used novel techniques to conduct a targeted attack on a Ukrainian power substation in late 2022, demonstrating the latest evolution in Russia’s cyber physical attack capability.

These have been increasingly evident visible since Russia’s attempted invasion of Ukraine and suggest a growing maturity of Russia’s offensive techniques against Operating Technology (OT), which comprise a range of powerful capabilities to attack critical infrastructure.

SektorCERT:     Mandiant:     Bloomberg:      Infosecurity Magazine:   Resecurity:   Hacker News:   Cybernews

Image: Ed White

Four Key Cybersecurity Trends For Industrial Companies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Supply Chain Attack On British Law Firms
The Global Effects Of The Internet On Society »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

Malware.lu

Malware.lu

Malware.lu is a repository of malware and technical analysis. The goal of the project is to provide samples and technical analysis to security researchers.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Titanium Industrial Security

Titanium Industrial Security

Titanium Industrial Security specializes in advising and accompanying companies on cybersecurity in Connected Industry (Industry 4.0 / Smart Factory / IIoT).

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

CTM360

CTM360

CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

Protek International

Protek International

Protek International delivers world-class Digital Forensics, eDiscovery, Cyber Security, and related Advisory services.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

Secjur

Secjur

Secjur is a provider of AI-based compliance tools that aim to put compliance, data protection, information security and whistleblowing on autopilot.

ProvenRun

ProvenRun

ProvenRun is a leading provider of trusted software solutions with extensive expertise and an unwavering commitment to security.