Denmark Central Bank remained severely compromised for months until exposed

30-Jun-2021

Hackers from Russia breached Danmarks Nationalbank and planted malware that gave them access to the network, unnoticed, for more than six months. The compromise was part of last year's SolarWinds cyber-espionage campaign, which the US blamed on Russia. The hacking arm of Russia's Foreign Intelligence Service (SVR) is often referred to as APT29, the Dukes, Cozy Bear, or Nobelium.

CyberScoop, crediting Accenture's research, reported that the Hades ransomware gang is coming into clearer focus. Recently, its targets have been the "consumer goods and services, insurance and manufacturing and distribution industry sectors." It has also added Phoenix Cryptolocker to its arsenal. Unlike other ransomware organizations, Hades does not seem to use affiliate networks. Attribution is still vague, with some researchers calling it a new group, while others link Hades to threat actors in Russia or China.

The SolarWinds campaign is considered to be one of the most complex supply chain attacks, as 18,000 organizations worldwide downloaded the trojanized version of SolarWinds' Orion IT management platform.

“The Solarwinds backdoor in Danmarks Nationalbank was open for seven months, before the attack was detected by coincidence by the American IT-security company Fire Eye [sic]”

Although the hackers were present in the network for a long time, the bank said it found no evidence of compromise beyond the early stages of the attack, as was also the case for the thousands of organizations that installed the trojanized SolarWinds Orion. This suggests that the Danish central bank was simply a victim of a major attack, as is the case with many US federal agencies, rather than an attractive target for the hackers.

“Action was taken quickly and consistently in a satisfactory manner, and according to the analyses performed, there were no signs that the attack has had any real consequences” - Denmark Central Bank

The SolarWinds attack became public in December 2020, when the network security company FireEye disclosed that hackers had been on its network. It was soon discovered that the hackers had gone after specific US entities [1, 2, 3], including multiple government agencies.

Microsoft's investigation of these attacks revealed that there was a data-stealing Trojan on the computer of one of its customer support agents, which provided access to a limited number of customers.