Denmark’s Central Bank compromised for 7 months by Russian hackers

by | July 3, 2021 | Cybersecurity News

Russian attackers accessed Denmark’s central bank network with the use of a hidden malware. This granted them access to the institution’s systems for seven months without being noticed.

The cyberattack was part of the SolarWinds espionage scheme last year. The U.S. attributed the illicit operation to the Russian Foreign Intelligence Service, through its hacking division, called APT29, Cozy Bear, or Nobelium.

Denmark's central bank was compromised for 7 months
Denmark’s Central Bank building

The attackers accessed Denmark’s Central Bank systems through an unnoticed backdoor

SolarWinds vulnerabilities can be used by cybercriminals to gain access to a network and then create a secret backdoor to maintain it.

This kind of backdoor allegedly remained open for seven months at the Danish financial institution, going completely unnoticed until the U.S. security firm FireEye detected it.

Denmark’s Central Bank response

Despite being exposed for an astonishing amount of time, the bank’s representatives stated that they couldn’t find any evidence the attack had any tangible consequences beyond the first stage of the attack. This is unexpected, considering the bank manages transactions worth billions of dollars each and every day.

This serves as proof that Denmark’s central bank was not a primary target for the hackers and it was merely collateral damage of a much larger scheme. This was the case for multiple U.S. federal agencies too.

According to Version2, a technology publication, the bank declared that their response to the breach was quick upon finding out about it:

“Action was taken quickly and consistently in a satisfactory manner, and according to the analyzes performed, there were no signs that the attack has had any real consequences.”

“The SolarWinds attack also hit the financial infrastructure in Denmark. The relevant systems were contained and analyzed as soon as the compromise of SolarWinds Orion became known,” they added.

On June 30, the bank issued a statement in which it denies allegations that the cyberattack had created a backdoor to its network, which media reports claimed had stayed open for months.

However, the financial institution acknowledges its systems were vulnerable to the SolarWinds malware, as were those of other 18,000 organizations.

The SolarWinds cyberattack has targeted multiple government agencies

SolarWinds was not quick to respond to an emailed request for comment.

The Russian government has denied being involved in any way in the SolarWinds hack, which has hit numerous institutions worldwide since its discovery in 2020.

SolarWinds became known to the public on December 13 of last year, when FireEye detected the attackers’ presence on their systems.

Soon after, it became clear that the complex attack targets important institutions in the U.S. The main goal seems to be gaining access to cloud assets, especially email, of specific targets.

Microsoft has tracked the criminal group as Nobelium and stated that the threat actors have been running new operations, compromising at least three entities.

Microsoft president Brad Smith described the cyberattack as “the largest and most sophisticated attack the world has ever seen.”

The ongoing Microsoft investigation of the cyberattack has uncovered that the hackers behind the tremendous cyber-espionage operation recently launched a new cyberattack, this time targetting a Microsoft customer support agent. It was carried out using an information-stealing trojan.

Microsoft’s reaction was quick, immediately removing the access and securing the compromised device. Afterward, every customer that was targeted or compromised was contacted through the company’s notification process.

The U.S. government clearly attributed the SolarWinds espionage campaign to the Russian SVR in April this year.

The White House stated that “the scope of this compromise is a national security and public safety concern.” The magnitude of the incident led to a series of sanctions against a number of Russian technology companies for assisting Russian Intelligence Services in carrying out malicious actions against the United States.

Source:

Heimdal Security https://heimdalsecurity.com/blog/denmarks-central-bank-network-accessed-for-months-by-russian-threat-actors/

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.