Danish Energy Attacks Portend Targeting More Critical Infrastructure

November 14, 2023 – Published on Dark Reading

In May, 22 Danish energy sector organizations were compromised in an onslaught of attacks partially linked with Russia’s Sandworm APT.

A new report from the Danish critical infrastructure security nonprofit SektorCERT describes different groups of attackers leveraging multiple critical vulnerabilities in Zyxel firewall devices, including two zero-days, to reach into industrial machinery, forcing some targets to “island,” isolating them from the rest of the national grid.

Some but not all of the breaches involved communications with servers known to be used by Sandworm, a group feared for its many previous grid attacks.

Though unprecedented in Denmark, on a global scale, nation-state attacks against critical energy companies are not new.

“They see the high risk and the corresponding high reward,” Drew Schmitt, practice lead at GuidePoint Security, explains of cybercriminal outfits. “As more groups like Alphv, Lockbit, and others continue to successfully attack the energy sector, more ransomware groups are noticing the potential gain of targeting and impacting these types of organizations. Additionally, victims in the energy sector add a lot of ‘street cred’ to the groups that are successfully attacking these organizations and getting away with it.”

As Denmark demonstrated, such attacks are only stopped when effective monitoring and defense are paired with partnership between companies and law enforcement. “At the end of the day, this is a problem that needs to be tackled holistically and coordinated between multiple teams and tools,” Schmitt concludes.