The hackers infiltrated the network of Denmark’s central bank (Danmarks Nationalbank) and remained there for over half a year before they were detected.
The breach was part of the SolarWinds campaign launched by Russia’s Foreign Intelligence Service (SVR) through its hacker groups, commonly referred to as APT29, The Dukes, Cozy Bear, or Nobelium.
The breach was brought to light by technology publication Version2 after it reviewed bank documents it had requested under the freedom of information law.
“The Solarwinds backdoor in Danmarks Nationalbank was open for seven months, before the attack was detected by coincidence by the American IT-security company Fire Eye [sic],” Version2 said.
Despite the attackers’ long-term access, the bank did not find evidence of compromise beyond the first stage of the attack. This is probably because Denmark’s central bank was not considered a target of interest for the hackers.
The bank said it immediately took action after learning about the issue.
“Action was taken quickly and consistently in a satisfactory manner, and according to the analyses performed, there were no signs that the attack has had any real consequences,” Denmark’s central bank said.
The SolarWinds attack was first detected by cybersecurity company FireEye in December 2020. The hackers targeted hundreds of individuals and entities in the U.S. They were also after email addresses and passwords of specific government agencies.
Microsoft revealed last week that Nobelium, the same hackers behind the SolarWinds campaign, breached at least three new entities in a new round of campaigns. The company discovered that a trojan had been planted on a support representative’s computer and was used to illegally access data of a limited number of customers.
In April, the U.S. government identified the Russian state-run spy group known as the SVR as the operators of the SolarWinds campaign. The White House noted that the incident was a national security issue and public safety concern.