Attack On Denmark's Critical Infrastructure

Hackers identified to be working at the direction of Russia’s GRU military intelligence agency carried out a series of highly coordinated cyber attacks on Danish energy infrastructure in the spring of this year. 

A new report from Denmark's SektorCERT has identified attacks on more than twenty energy companies in Denmark during May 2023, which forced several of them to disable their Internet connections.

SektorCERT, a non-profit cyber security centre for critical sectors in Denmark, described these attacks as the biggest national cyber incident to date.

"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace... The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target," according to the report.

SektorCERT found evidence linking one or more attacks to operatives connected to Russia's GRU, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on analysis of communications across IP addresses that have been traced to Russian hackers.

The report says that zero-day vulnerabilities in Zyxel firewalls used by many Danish infrastructure operators to protect their networks were exploited. Most of the attacks were possible because the companies had not updated their firewalls. 

Had the hackers chosen to turn off power from the infrastructure they had gained control of, as many as 100,000 people in Denmark could have been left without either electricity or heating.

Fortunately, the attack was quickly discovered, security gaps were closed and the companies’ customers were not affected. However, in so doing, several companies had to go into off-grid mode to isolate their systems and prevent the spread of the attack. 

“The attackers knew in advance who they were going to target and got it right every time. Denmark is constantly under attack. But it is unusual that we see so many concurrent, successful attacks against the critical infrastructure,” SektorCERT said.

Eleven Danish companies were immediately compromised in a simultaneous attack that prevented the energy firms from warning others about the attack. SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers.

They are almost certainly linked to the GRU's Unit 74455, also known as Sandworm. The state-sponsored hacker collective is probably best known for sustained attacks on critical infrastructure in Ukraine.

Another recent report, from the US cyber security company Mandiant, identified how this hacking group used novel techniques to conduct a targeted attack on a Ukrainian power substation in late 2022, demonstrating the latest evolution in Russia’s cyber physical attack capability.

These have been increasingly visible since Russia’s attempted invasion of Ukraine and suggest a growing maturity of Russia’s offensive techniques against Operational Technology (OT), which comprise a range of powerful capabilities to attack critical infrastructure.

Sources: SektorCERT, Mandiant, Bloomberg, Infosecurity Magazine, Resecurity, Hacker News, Cybernews

Image: Ed White
