Heimdal

Russia-based threat actors compromised Denmark’s central bank by secretly placing malware that gave them access to the financial institution’s network for seven months without being noticed.

The breach was part of the SolarWinds cyber-espionage operation last year that the United States government attributed to the Russian Foreign Intelligence Service, through its hacking division commonly referred to as APT29, Cozy Bear, or Nobelium.

The U.S. has formally accused the Russian government of the SolarWinds supply-chain attack, which gave hackers access to as many as 18,000 government entities and Fortune 500 companies. At least nine federal agencies and more than 100 companies were exposed to the breach.

Backdoor to Denmark’s Central Bank Network Open for Seven Months

The cybercriminals could use SolarWinds to get inside a network and then create a backdoor for potential ongoing access.

According to technology publication Version2, such a backdoor stood open at Danmarks Nationalbank for more than half a year until it was noticed by US security firm FireEye.

Even though the attackers had access to the central bank’s network for quite a while, the financial institution, which manages transactions worth billions of dollars every day, declared it found no evidence that the cyberattack had any real results.

This shows that Denmark’s central bank was just a victim of the larger attack and it was not a target of interest for the criminals, as was the case with multiple U.S. federal agencies.

According to Version2, the bank revealed that it was impacted by the SolarWinds supply-chain attack but that it reacted quickly and took measures right after it found out about the breach.

Action was taken quickly and consistently in a satisfactory manner, and according to the analyses performed, there were no signs that the attack has had any real consequences.

Source

On December 13, 2020, FireEye announced the discovery of a highly sophisticated cyber intrusion that leveraged a commercial software application made by SolarWinds.

The threat actors started focusing on organizations in the U.S., their objective being to obtain access to emails of specific targets, including many government agencies.

According to Microsoft, the Russian threat actors have been running new operations, with at least three companies being attacked.

Microsoft’s investigation of the attacks revealed that the hacking group behind the massive cyber-espionage activity exploiting the SolarWinds platform recently initiated another cyberattack operation targeting a Microsoft customer support agent.

Microsoft reacted immediately by removing the access and securing the compromised device. All customers that were compromised or targeted were being contacted through its nation-state notification process.

Author Profile

Antonia Din

PR & Video Content Manager
