Russia-linked threat actors compromised Denmark’s central bank (Danmarks Nationalbank) and remained in its systems for months.
Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months.
The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes).
The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request.
“Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2.
“It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”
Security staff at the bank found no evidence of compromise beyond the initial intrusion that took place after the financial institutions installed tainted updates for the SolarWinds Orion software.
Experts speculate that the intrusion was not the result of a targeted attack. Denmark’s central bank told Version2 that once discovered the intrusion it immediately started the incident response procedure.
“The intervention was consistent and rapid in a satisfactory manner, and according to the analyzes carried out, there was no evidence that the attack had any real consequences.” Denmark’s central bank told Version2.
Nobelium continues to target organizations worldwide, last week Microsoft said that the nation-state actor compromised at least three new entities. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM APT.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SolarWinds)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
Russia-linked threat actors compromised Denmark’s central bank (Danmarks Nationalbank) and remained in its systems for months.
Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months.
The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes).
The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request.
“Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2.
“It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”
Security staff at the bank found no evidence of compromise beyond the initial intrusion that took place after the financial institutions installed tainted updates for the SolarWinds Orion software.
Experts speculate that the intrusion was not the result of a targeted attack. Denmark’s central bank told Version2 that once discovered the intrusion it immediately started the incident response procedure.
“The intervention was consistent and rapid in a satisfactory manner, and according to the analyzes carried out, there was no evidence that the attack had any real consequences.” Denmark’s central bank told Version2.
Nobelium continues to target organizations worldwide, last week Microsoft said that the nation-state actor compromised at least three new entities. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM APT.
Follow me on Twitter: @securityaffairs and Facebook
(SecurityAffairs – hacking, SolarWinds)