Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) by planting malware that gave them access to the network for several months without being detected.
The breach was part of last year's SolarWinds cyber espionage campaign, which was attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division, also known by the names APT29, The Dukes, Cozy Bear, or Nobelium.
The compromise came to light after technology publication Version2 obtained official documents from the Danish central bank through a freedom of information request.
The SolarWinds campaign is one of the most sophisticated supply-chain attacks, as trojanized versions of the IT management platform SolarWinds Orion were downloaded by 18,000 organizations across the world.
Even though the hackers had access for a long time, the bank could not find any evidence of compromise beyond the first stage of the attack, as happened with thousands of organizations that installed the trojanized version of SolarWinds Orion.
So, Denmark’s central bank was merely a victim of the larger attack and it was not a target of interest for the hackers, as was the case with several U.S. federal agencies.
The bank said in an emailed statement to Version2 that it was affected by the SolarWinds supply-chain attack and that it took action immediately after it became aware of the compromise.
Nobelium continues to target organizations worldwide. Last week, Microsoft Threat Intelligence Center uncovered a wide-scale malicious email campaign conducted by the group.