SolarWinds hackers remained hidden in Denmark’s central bank for months

Russia-linked threat actors compromised Denmark’s central bank (Danmarks Nationalbank) and remained in its systems for months.

Russia-linked threat actors infected the systems of Denmark’s central bank (Danmarks Nationalbank) and maintained access to its network for more than six months.

The security breach is the result of the SolarWinds supply chain attack that was carried out by the Nobelium APT group (aka APT29, Cozy Bear, and The Dukes).

The intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request.

“Some of the world’s most sophisticated hackers have had an IT backdoor at Danmarks Nationalbank for seven months. Danmarks Nationalbank itself cannot rule out that the suspected Russian state hackers have abused the back door to further compromise Danmarks Nationalbank.” states Version2.

“It shows an access to documents that Version2 has received in the case. Access to the file states that Danmarks Nationalbank, which operates Denmark’s central financial infrastructure, was hit by the worldwide Solarwinds hacker attack back in December 2020.”

Security staff at the bank found no evidence of compromise beyond the initial intrusion that took place after the financial institutions installed tainted updates for the SolarWinds Orion software.

Experts speculate that the intrusion was not the result of a targeted attack. Denmark’s central bank told Version2 that once discovered the intrusion it immediately started the incident response procedure.

“The intervention was consistent and rapid in a satisfactory manner, and according to the analyzes carried out, there was no evidence that the attack had any real consequences.” Denmark’s central bank told Version2.

Nobelium continues to target organizations worldwide, last week Microsoft said that the nation-state actor compromised at least three new entities. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM APT.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SolarWinds)

[adrotate banner=”5″]

[adrotate banner=”13″]