Hackers Had Secret Access to Danish National Bank for Seven Months After SolarWinds Attack
While the National Bank claimed to have acted "quickly" and "in a satisfactory way", the exact extent of the hack attack and its consequences remain unknown.
For seven months in the wake of the global SolarWinds
cyberattack in December 2020, the Danish National Bank's IT system was
vulnerable to hackers, tech news portal Version2 reported.
It appears that the National Bank, which operates Denmark's
key financial infrastructure, has been affected by a so-called stage 1
compromise, which implies that hackers knew of a backdoor into the
security system that they could potentially use.
So far, the National Bank has not been able to completely
rule out that the backdoor was used to compromise the system further.
However, it feels more or less confident the attack has not had any serious
consequences.
"The relevant systems were contained and analysed as
soon as the compromise by SolarWinds Orion became known", the National
Bank told Version2. "We acted quickly and intervened in a satisfactory
way. According to the reported analyses there has been no indication that the
attack has had any real consequences".
The supplier of the National Bank's compromised programme
said the firm considers it an "impossible task" to prove the absence
of IOCs (indicators of compromise).
Yet, regardless of what the hackers wanted the access for,
they have had a unique opportunity, according to Jan Lemnitzer, a lecturer in IT
security at the Copenhagen Business School.
"The Danish National Bank has a lot of exciting
information about Denmark and Danish companies", Lemnitzer said.
The otherwise credible SolarWinds programme, which is used
for managing complex network systems, is seen as the perfect way to attack a
company's or an organisation's servers.
"If you have access to SolarWinds, it is generally
quite easy to run things on all servers that SolarWinds has access to. If you
have a programme that you want to infect the system with, SolarWinds can
install it anywhere with one click from those who manage SolarWinds",
explained Lucas Lundgreen, a white hat hacker at the company Banshie, with
previous experience of SolarWinds.
The global SolarWinds attack was discovered by the security
company FireEye in 2020. Several Danish authorities and businesses have been
affected by the extensive attack that targeted some 18,000 SolarWinds clients
around the globe, most notably the US Department of Defence, Microsoft, the US
Federal Reserve, as well as numerous military branches.
While the American authorities claimed that a
Russian-sponsored hacker group was behind the incident, Moscow strongly
rejected the claims, stressing that Washington failed to present any tangible
proof to back the accusations.