Over the weekend, Danish State Railways (DSB) was paralyzed for several hours as trains came to a halt due to a hack attack on a third-party IT service provider, Supeo.
Let me remind you that we wrote that Transport company CMA CGM was attacked by Ragnar Locker, and also that Logistics company Expeditors halts international operations due to cyberattack.According to the Danish broadcaster DR, all trains of the country’s largest railway company stopped in the early morning of November 5, 2022, and it was not possible to resume traffic until 13:00. And even after that, the trains could not run in full accordance with the schedule.
The outage is reportedly due to problems in the security-critical IT system Den Digitale Rygsæk 2, which is being developed by Supeo, a company that provides enterprise solutions for railways, transport infrastructure operators and passenger management.
The media write that train traffic was disrupted due to the fact that Supeo had to shut down its servers after a hacker attack. This led to the fact that some of the software used by the machinists stopped working. Specifically, Supeo provides DSB with a mobile app that train drivers use to access critical operational information, including speed limits and information about railroad operations. So when the contractor decided to shut down their servers, the app stopped working and the drivers were forced to stop the trains.
Reuters writes that Supeo could have been attacked by ransomware, although the company does not provide any details of the incident and only state that it was an “economic crime” (that is, it seems to be focused on financial gain).
It is emphasized that the attack was not aimed specifically at the DSB.
