SolarWinds hackers had access to Denmark’s central bank, report says
A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident.
Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish new site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators.
Bank officials disputed the Verison 2 report, saying in a statement that the notion hackers had a backdoor into the organization for seven months is incorrect.
Investigators have suggested that the Russian hacking group known as Cozy Bear — thought to be associated with the SVR intelligence agency — corrupted a software update in the SolarWinds Orion product, using the seemingly trustworthy update as a launching point into scores of organizations. The White House indicated that up to 100 technology companies might have been affected, though the true figure and a list of specific victims remains elusive.
“Like 18,000 other companies and organisations worldwide Danmarks Nationalbank was exposed to the vulnerabilities in SolarWind’s software via its suppliers and subcontractors,” the bank said in a statement.
“In addition, the SolarWinds attack generally affected the financial infrastructure in Denmark,” the statement went on. “The relevant systems at Danmarks Nationalbank were quickly contained and analyzed as soon as the compromise of SolarWinds Orion became known.”
Denmark’s central bank represents a key part of the country’s financial system by issuing money, weighing in on monetary policy, managing national debt and ensuring the stability of the krone currency.
Meanwhile, the so-called SolarWinds campaign remains under investigation. The U.S. Securities and Exchange Commission is now probing whether firms affected by the incident have failed to go through the proper notification channels.
The same hackers also allegedly breached a Microsoft customer support account in May, abusing that access to send phishing emails to IT firms, government agencies and non government organizations in 36 countries. Before that, Cozy Bear spies also impersonated officials from the U.S. Agency for International Development in another scheme, according to Microsoft.
Update, July 1, 8:00am ET: Updated to include a response from Danmarks Nartionalbank.