Hackers stayed in the network of the Central Bank of Denmark for several months

The Russian-speaking hack group APT29 (also known as Cozy Bear, Nobelium or The Dukes) compromised the central bank of the Kingdom of Denmark and retained access to the financial institution’s network for several months, according to local media Version2.

Let me remind you that earlier the American authorities officially blamed APT29 and the Russian special services for the attack on SolarWinds. According to the authorities, the hackers “used the SolarWinds Orion platform and other IT infrastructures as part of a large-scale cyber-espionage campaign.”

The SolarWinds hack has become one of the largest supply chain attacks in history. In December 2020, it became known that unknown hackers had attacked the company and infected its Orion platform with malware.

Of the 300,000 SolarWinds customers, only 33,000 were using Orion, according to official figures, but it was recently reported that while approximately 18,000 clients had an infected version of the platform installed, only about 100 of them were actually affected by attacks.

Nevertheless, as a result of this incident, such giants as Microsoft, Cisco, FireEye, as well as many US government agencies, including the State Department, the Department of Justice and the National Nuclear Security Administration, became victims of hackers.

The publication also refers to official documents received from the bank after a request under the freedom of information law.

Although the cybercriminals spent a long time on the bank’s network, representatives of the Danish Central Bank claim that they did not find any evidence of compromise after this stage of the attack (as happened with many other organizations that installed a trojanized version of Orion). It looks like the bank was a collateral victim of a larger hacker operation and was of no interest to attackers.

Let me remind you that we also talked about the fact that SolarWinds Attack Gives Hackers Access to Trump Administration Officials Accounts.