Largest Cyber-Attack in Danish History: Russian State-Sponsored Hackers Breach 22 Energy Companies

November 15, 2023

Russian State-Sponsored Hackers Breach Danish Energy Sector Companies

Russian state-sponsored hackers have successfully breached at least 22 Danish companies operating in the country’s energy sector, according to Denmark’s CERT team for the critical infrastructure sector (SektorCERT). The intrusions, which occurred throughout May, have been described as the largest cyber-attack in the country’s history. In a report published over the weekend, SektorCERT tentatively attributed the attacks to Sandworm, a cyber unit within Russia’s military intelligence service GRU.

The initial point of entry for the attacks was Zyxel firewalls, and multiple waves of attacks took place. The first wave exploited a vulnerability tracked as CVE-2023-28771, while subsequent waves used a combination of CVE-2023-33009 and CVE-2023-33010. Zyxel released patches for these vulnerabilities in June. The targeted companies had to disconnect from the internet to investigate the hacks, but SektorCERT stated that there was no impact on their operations. The attacks were likely intended for reconnaissance and establishing persistence. The 22 affected companies provide electricity and heat to around 100,000 Danes.

The cyber-attacks occurred just three days after Denmark’s cybersecurity agency raised the country’s cyberespionage threat level to VERY HIGH. SektorCERT detected the intrusions through a network of sensors installed at electricity, heating, and water plants across Denmark.

Dutch Company Tunstall Hit by Cyber-Attack, Customers Advised to Keep Phones Handy

Dutch company Tunstall, which provides personal medical alarm systems, has advised its customers to keep their phones at hand following an ongoing cyber-attack. The attack, which began on Saturday, has disrupted Tunstall’s personal medical alarm system, blocking alarms from reaching its control room. Tunstall’s alarm systems are primarily used by the elderly to trigger alerts in case of healthcare emergencies.

US Branch of Industrial and Commercial Bank of China Pays Ransom After Ransomware Attack

The US branch of the Industrial and Commercial Bank of China (ICBC) has reportedly paid a ransom to the LockBit ransomware group after the group encrypted the bank’s systems. The ransomware attack occurred at the end of last week, leading to the shutdown of the Chinese bank’s ability to complete transactions on the US market.

Other Cybersecurity News:

– The Telecommunications Services of Trinidad and Tobago (TSTT), the largest telecom provider in the country, has confirmed that it was hacked by the RansomExx ransomware gang at the beginning of October.
– More than 2.7 million user records from Moroccan e-commerce service Avito were dumped into the public domain. The data was stolen in a security breach in November 2022.
– US healthcare provider McLaren Health announced that hackers gained access to the private and health data of almost 2.2 million customers after a ransomware attack in July.
– Google engineers have announced plans to deprecate and remove support for third-party cookies from the Chrome web browser. Third-party cookies will be phased out for all users by Q3 2024.
– Meta (formerly Facebook) is working on adding support for usernames on WhatsApp to replace the current system that uses phone numbers as user identities.
– Microsoft has released version 8 of the .NET runtime.
– The FBI has dismantled the IPStorm botnet and detained the malware’s creator, Sergei Makinin, a Russian and Moldovan national who has already pleaded guilty to three hacking-related charges.
– The FBI allegedly knows the real-world identities of at least a dozen members of the Scattered Spider hacking group responsible for recent breaches at MGM and Caesars casino operators.
– Google has sued a group of individuals for distributing malware disguised as its Bard AI tool.
– The Federal Communications Committee has proposed a pilot program to protect K-12 schools and libraries against cyber threats, with a budget of up to $200 million.
– The UK NCSC has published its Annual Review, highlighting future risks and issues the UK may face in the coming year, including AI, challenges from China, and increased aggression from state-aligned cyber groups.
– Russian officials are planning to create a separate internet for all BRICS+ countries.
– The Nepalese government has banned Chinese social media app TikTok, citing disruption of social harmony.
– Hackers linked to Russia’s Foreign Intelligence Service (SVR) have been observed using a recently patched WinRAR zero-day vulnerability in attacks targeting European embassies.
– Palo Alto Networks has detailed how the Storm-0978 (RomCom) group has been exploiting a zero-day vulnerability in the Windows Search feature to target Ukrainian organizations.
– Ukraine’s CERT team has warned about a series of attacks by threat actor UAC-0050 attempting to install the Remcos RAT.
– Proofpoint researchers have published a breakdown of the TA402 group’s ongoing cyber-espionage campaign targeting government entities in the Middle East and Africa.

This news article is brought to you by Gigamon Precryption, a visibility solution for encrypted traffic across virtual machine (VM) or container workloads. Gigamon’s “precryption” solution enables advanced threat detection, investigation, and response across hybrid cloud infrastructure. To learn more, visit gigamon.com/precryption.