[CVSS 9+] Devastating Cyberattack by Russian Hackers Hits Denmark’s Energy Sector

Executive Summary

Denmark recently faced its largest cyberattack on record, targeting its energy infrastructure. The attacks, potentially linked to Russia’s GRU Main Intelligence Directorate, involved 22 companies overseeing various components of Denmark’s energy infrastructure.

This incident is significant due to Denmark’s global leadership in green energy and the high risk of cyber espionage in its energy sector.

The attack was characterised by its meticulous planning and execution, exploiting vulnerabilities in Zyxel firewalls. The nature of the attack and the involvement of a sophisticated state-sponsored group indicate a serious threat to national security and highlight the need for enhanced cybersecurity measures.

What Happened

In May 2023, Danish energy infrastructure was targeted by a coordinated cyberattack, resulting in the compromise of 22 companies. This attack is considered the largest in Danish history.

SektorCERT, a nonprofit cybersecurity center for critical sectors in Denmark, reported that the hackers exploited vulnerabilities in Zyxel firewalls, which are commonly used by Danish energy firms as their perimeter security devices. The attackers ran the campaign against all of the targeted companies simultaneously. As a result, several companies disconnected from the national power network and entered ‘island mode’ to prevent further spread.

The objective of the attack was intelligence gathering. The hackers gained control of the firewall and accessed critical infrastructure. The potential consequences would have been severe if their aim had been operational disruption. More than 100,000 people in Denmark could have been left without electricity or heating for a period.

SektorCERT emphasized the importance of regular firewall updates for companies and highlighted the risks associated with neglecting cybersecurity maintenance. Their analysis revealed that the traffic on breached networks originated from servers associated with the Russian GRU’s infamous Unit 74455, popularly known as Sandworm.

About the Vulnerability

The core of the attack was the exploitation of zero-day vulnerabilities in Zyxel firewalls, specifically CVE-2023-28771. This vulnerability, with a CVSS score of 9.8, allowed attackers to gain remote access to industrial control systems without any authentication.

Zyxel released a patch for the vulnerability on April 25th. However, most companies fell victim because they had not updated their firewalls; some avoided the updates due to installation costs, while others were under the mistaken belief that updates were automatic or vendor-managed.

This oversight highlights the importance of regular software updates and the risks associated with neglecting cybersecurity maintenance.

About Sandworm

Sandworm’s Attacks on Ukraine:

Sandworm has been involved in a series of disruptive and destructive cyberattacks on critical infrastructure in Ukraine.

These attacks include targeting a Ukrainian critical infrastructure organization, causing power outages and coinciding with mass missile strikes on critical infrastructure.

Sandworm has also targeted Ukrainian telecom providers to gain control over infected devices and launched multiple cyberattacks on the Ukrainian National Information Agency “Ukrinform” to cripple its information and communication systems.

Global Impact:

Sandworm’s activities extend beyond Ukraine and have had significant global impact, including:

  • NotPetya Cyberattack: Sandworm was responsible for the most expensive cyberattack in history, known as NotPetya. This attack resulted in more than $10 billion in global damages in 2017.
  • 2018 Winter Olympics: The group targeted the IT infrastructure of the 2018 Winter Olympics held in South Korea.

These attacks demonstrate Sandworm’s capability to disrupt critical infrastructure, steal sensitive information, and cause widespread economic damage. The group’s activities have raised concerns about its potential to carry out disruptive cyberattacks with global impact.

Takeaways

The Danish cyberattack underscores the importance of cybersecurity vigilance, especially for critical infrastructure. Key takeaways include the necessity of regular software updates, the implementation of segmented networks, and the need for a proactive cybersecurity strategy.

The attack also highlights the threat posed by state actors, emphasising the need for national security measures to protect against cyber espionage. The incident serves as a reminder that cyberattacks can have far-reaching and significant impacts on national infrastructure and security.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.