A recent report from SektorCERT, a Danish cybersecurity center, revealed a coordinated cyberattack on Denmark’s energy infrastructure in spring, marking the nation’s largest cyber incident. The attack targeted systems in 22 companies overseeing various components of the infrastructure. Had the attackers chosen to disrupt power, over 100,000 people could have been affected. Luckily, the breach was swiftly detected, preventing customer impact. However, some companies had to operate off-grid to contain the attack’s spread.
The attackers exploited zero-day vulnerabilities in Zyxel firewalls, which are widely used by Danish infrastructure operators, and many of the affected systems were outdated. Some companies had not updated their firewalls because they wanted to avoid installation charges, or because they assumed newly installed firewalls were already up to date.
SektorCERT suggested potential involvement of a state actor due to the attack’s sophisticated planning. While the motive seemed to be intelligence gathering, the report didn’t explicitly attribute the attack. Nonetheless, traffic analysis pointed to servers associated with a Russian military hacking unit.
Because the companies were attacked simultaneously, none of them could warn the others in time. Even without a definitive attribution, the incident underscores how exposed critical infrastructure is to cyber threats.