Russian-based threat actors compromised Denmark’s central bank by secretly placing malware that enabled their access to the financial institution network for seven months without being noticed.
The breach was part of the SolarWinds cyber-espionage operation last year that the United States government attributed to the Russian Foreign Intelligence Service, through its hacking division commonly referred to as APT29, Cozy Bear, or Nobelium.
The U.S. has formally accused the Russian government of the SolarWinds supply-chain attack, which gave the hackers potential access to as many as 18,000 government entities and Fortune 500 companies; at least nine federal agencies and more than 100 companies were confirmed to have been exposed by the breach.
Backdoor to Denmark’s Central Bank Network Open for Seven Months
The cybercriminals could use SolarWinds to get inside a network and then create a backdoor for potential ongoing access.
According to technology publication Version2, such a backdoor stood open at the Danmarks Nationalbank for more than half a year until it was noticed by U.S. security firm FireEye.
Even though the attackers had access to the central bank’s network for quite a while, the financial institution, which handles transactions worth billions of dollars every day, stated that it found no evidence that the cyberattack had any real consequences.
This shows that Denmark’s central bank was just a victim of the larger attack and it was not a target of interest for the criminals, as was the case with multiple U.S. federal agencies.
According to Version2, the bank revealed that it was impacted by the SolarWinds supply-chain attack but that it reacted quickly and took measures right after it found out about the breach.
Action was taken quickly and consistently in a satisfactory manner, and according to the analyses performed, there were no signs that the attack had any real consequences.
On December 13, 2020, FireEye announced the discovery of a highly sophisticated cyber intrusion that leveraged a commercial software application made by SolarWinds.
The threat actors started focusing on organizations in the U.S., their objective being to obtain access to emails of specific targets, including many government agencies.
According to Microsoft, the Russian threat actors have been running new operations, with at least three companies being attacked.
Microsoft’s investigation of the attacks revealed that the hacking group behind the massive cyber-espionage activity exploiting the SolarWinds platform recently initiated another cyberattack operation targeting a Microsoft customer support agent.
Microsoft reacted immediately by removing the access and securing the compromised device. All customers that were compromised or targeted are being contacted through its nation-state notification process.