Home Cyber Security New Findings Problem Attribution in Denmark’s Vitality Sector Cyberattacks

New Findings Problem Attribution in Denmark’s Vitality Sector Cyberattacks

0
New Findings Problem Attribution in Denmark’s Vitality Sector Cyberattacks

[ad_1]

Jan 14, 2024NewsroomCyber Assault / Vulnerability

Denmark's Energy Sector Cyberattacks

The cyber assaults focusing on the vitality sector in Denmark final 12 months might not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout present.

The intrusions, which focused round 22 Danish vitality organizations in Could 2023, occurred in two distinct waves, one which exploited a safety flaw in Zyxel firewall (CVE-2023-28771) and a follow-on exercise cluster that noticed the attackers deploy Mirai botnet variants on contaminated hosts by way of an as-yet-unknown preliminary entry vector.

Cybersecurity

The primary wave occurred on Could 11, whereas the second wave lasted from Could 22 to 31, 2023. In a single such assault detected on Could 24, it was noticed that the compromised system was speaking with IP addresses (217.57.80[.]18 and 70.62.153[.]174) that had been beforehand used as command-and-control (C2) for the now-dismantled Cyclops Blink botnet.

Denmark's Energy Sector Cyberattacks

Forescout’s nearer examination of the assault marketing campaign, nonetheless, has revealed that not solely had been the 2 waves unrelated, but additionally unlikely the work of the state-sponsored group owing to the actual fact the second wave was a part of a broader mass exploitation marketing campaign towards unpatched Zyxel firewalls. It is at the moment not identified who’s behind the dual units of assaults.

“The marketing campaign described because the ‘second wave’ of assaults on Denmark, began earlier than and continued after [the 10-day time period], focusing on firewalls indiscriminately in a really comparable method, solely altering staging servers periodically,” the corporate mentioned in a report aptly titled “Clearing the Fog of Warfare.”

Cybersecurity

There’s proof to recommend that the assaults might have began as early as February 16 utilizing different identified flaws Zyxel gadgets (CVE-2020-9054 and CVE-2022-30525) alongside CVE-2023-28771, and persevered as late as October 2023, with the exercise singling out numerous entities throughout Europe and the U.S.

“That is additional proof that exploitation of CVE-2023-27881, relatively than being restricted to Danish essential infrastructure, is ongoing and focusing on uncovered gadgets, a few of which simply occur to be Zyxel firewalls safeguarding essential infrastructure organizations,” Forescout added.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.



[ad_2]