Attack On Denmark's Critical Infrastructure

Hackers identified to be working at the direction of Russia’s GRU military intelligence agency carried out a series of highly coordinated cyber attacks on Danish energy infrastructure in the spring of this year. 

A new report from Denmark's SektorCERT has identified attacks on more than twenty energy companies in Denmark during May 2023, which forced several of them to disable their Internet connections.

SektorCERT, a non-profit cyber security centre for critical sectors in Denmark, described these attacks as the biggest national cyber incident to date.

"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace... The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target," according to the report.

SektorCERT found evidence connecting one or more attacks to operatives connected to Russia's GRU, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on analysis of communications across IP addresses that have been traced to Russian hackers. 

The report says that zero-day vulnerabilities in Zyxel firewalls used by many Danish infrastructure operators to protect their networks were exploited. Most of the attacks were possible because the companies had not updated their firewalls. 

If the hackers had chosen to turn off power from the infrastructure they had gained control of, as many as 100,000 people in Denmark could have been left without either electricity or heating.

Fortunately, the attack was quickly discovered, security gaps were closed and the companies’ customers were not affected. However, in so doing, several companies had to go into off-grid mode to isolate their systems and prevent the spread of the attack. 

“The attackers knew in advance who they were going to target and got it right every time. Denmark is constantly under attack. But it is unusual that we see so many concurrent, successful attacks against the critical infrastructure,” SektorCERT said.

Eleven Danish companies were immediately compromised in a simultaneous attack that prevented the energy firms from warning others about the attack. SektorCERT's analysis indicated traffic on breached networks came from servers associated with a unit of Russian military hackers.

They are almost certainly linked to the GRU's Unit 74455, also known as Sandworm. The state-sponsored hacker collective is probably best known for sustained attacks on critical infrastructure in Ukraine.

Another recent report, from the US cyber security company Mandiant, identified how this hacking group used novel techniques to conduct a targeted attack on a Ukrainian power substation in late 2022, demonstrating the latest evolution in Russia’s cyber physical attack capability.

These have been increasingly evident since Russia’s attempted invasion of Ukraine and suggest a growing maturity of Russia’s offensive techniques against Operational Technology (OT), which comprise a range of powerful capabilities to attack critical infrastructure.

SektorCERT, Mandiant, Bloomberg, Infosecurity Magazine, Resecurity, Hacker News, Cybernews

Image: Ed White
