Russian Hacking Group Sandworm Linked to Unprecedented Attack on Danish Critical Infrastructure

Cyber Security Threat Summary:
In May 2023, a two-phase cyber-attack targeted 22 Danish critical infrastructure companies. The attackers exploited Zyxel firewall vulnerabilities to gain control of the systems and carry out DDoS attacks.

The first phase of the attack began on May 11, 2023, and targeted 16 Danish energy companies. The attackers exploited the CVE-2023-28771 vulnerability to gain complete control of the Zyxel firewalls. This allowed them to execute code on the firewalls and steal configuration and usernames.

The second phase of the attack took place from May 22-25, 2023, and used "never-before-seen cyber weapons" to exploit two new Zyxel vulnerabilities: CVE-2023-33009 and CVE-2023-33010. The attackers used these vulnerabilities to gain access to the firewalls and carry out DDoS attacks against separate targets.

Security Officer Comments:
The cyber-attack on Danish critical infrastructure was a significant event that highlights the growing threat of cyber-attacks against critical infrastructure. Critical infrastructure companies need to be aware of the latest vulnerabilities and take steps to patch them promptly. They also need to have robust cybersecurity measures in place to protect against cyber-attacks. Governments need to work together to share information about cyber-attacks and to develop strategies to prevent future attacks.

Suggested Correction(s):
Patch management is crucial for critical infrastructure companies because it safeguards their systems against cyber-attacks. Critical infrastructure companies are prime targets for cyber-attacks due to the essential services they provide to the public, such as electricity, water, and transportation.