Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months.
The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes).
The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request.
“Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2.
“It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”
Security staff at the bank found no evidence of compromise beyond the initial intrusion that took place after the financial institutions installed tainted updates for the SolarWinds Orion software.
Experts speculate that the intrusion was not the result of a targeted attack. Denmark’s central bank told Version2 that once discovered the intrusion it immediately started the incident response procedure.
“The intervention was consistent and rapid in a satisfactory manner, and according to the analyzes carried out, there was no evidence that the attack had any real consequences.” Denmark’s central bank told Version2.
Nobelium continues to target organizations worldwide, last week Microsoft said that the nation-state actor compromised at least three new entities. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM APT.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, SolarWinds)
[adrotate banner=”5″]
[adrotate banner=”13″]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best…
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…
This website uses cookies.