Russian Cyber Onslaught: Unraveling the Largest-Ever Attack on Denmark’s Critical Infrastructure
Russian threat actors are potentially tied to what Danish authorities are labeling the “largest cyber attack against Danish critical infrastructure.” This sophisticated assault, which unfolded in May 2023, targeted 22 companies integral to the operation of Denmark’s energy sector.
SektorCERT, Denmark’s cybersecurity agency, revealed that these cyberattacks were anything but ordinary, emphasizing that the assailants displayed an uncanny precision, hitting all their targets with unerring accuracy.
The agency discovered compelling evidence linking one or more of these attacks to Russia’s GRU military intelligence agency, also known as Sandworm, a notorious entity with a history of orchestrating disruptive cyber assaults, especially on industrial control systems.
See Also: So you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
The meticulously coordinated cyber onslaught occurred on May 11, leveraging CVE-2023-28771, a critical command injection flaw affecting Zyxel firewalls, disclosed just a month prior. The attacks aimed at 11 companies successfully infiltrated these systems, executing malicious code to meticulously survey firewall configurations and plan subsequent actions.
SektorCERT’s detailed timeline of events highlighted the rarity and effectiveness of such coordination, emphasizing that simultaneous attacks leave no room for information sharing and warnings. A second wave of attacks occurred from May 22 to 25, introducing previously unseen cyber weapons, raising questions about the involvement of multiple threat actors.
The attackers potentially exploited two additional critical vulnerabilities in Zyxel gear (CVE-2023-33009 and CVE-2023-33010) as zero-days, turning the firewalls into Mirai and MooBot botnets. The compromised devices, in some instances, were then utilized for distributed denial-of-service (DDoS) attacks against unspecified companies in the U.S. and Hong Kong.
Trending: Jeff Foley – OWASP Amass Founder
Trending: Offensive Security Tool: Ghauri
In response to the escalating threat, the affected entities opted to disconnect from the internet, entering what SektorCERT described as “island mode.” While nation-state actors are implicated, the energy sector is increasingly attracting ransomware groups, adding another layer of complexity to the evolving cybersecurity landscape.
Recent findings also link Moscow-based IT contractor NTC Vulkan to the attacks, suggesting a broader web of connections and potential involvement in leaked initiatives contracted by the GRU.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: thehackernews.com
Recent News
New Ghost Tap Attack: The Next-Level Credit Card Scam Exploiting Apple Pay and Google Pay
Apple Rushes to Patch Two Zero-Day Exploits Targeting Intel-Based Macs
Chinese Hackers Exploit Zero-Day in FortiClient VPN with ‘DeepData’ Toolkit
Critical Flaw in Popular WordPress Plugin Puts Millions of Websites at Risk
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
