Tuesday, November 26, 2024

Further analysis of Danish attack yields warnings about unpatched network equipment

Must read


What happened in Denmark could happen to you, cybersecurity researchers warn in a new report examining attacks on the country’s energy sector last year.

A series of May incidents that appeared to be a highly targeted effort by a nation-state actor (possibly Russia’s Sandworm hacking group) were not as initially thought, according to a new Forescout report. It is possible that the relationship was even lower.

The researchers say their analysis found two distinct waves for Danish energy providers and that there is evidence to suggest they are unrelated.

There appears to be “no direct connection to sandworms” in the first wave, Forescout said. The researchers’ findings also indicate that “the second wave was simply part of a large-scale exploitation campaign against unpatched firewalls, and not part of a targeted attack by Sandworm or other state-sponsored actors.” It also suggests that.

The bottom line is that “critical infrastructure organizations across Europe must remain vigilant against attacks against unpatched network infrastructure devices.”

“Ignoring these events as targeted at specific countries or organizations can put other vulnerable organizations at risk,” Forescout said.

SektorCERT, Denmark’s computer emergency response agency, reported on the attack in November. Nearly 20 companies were affected, and the intrusions typically involved exploiting products from Zyxel, a Taiwan-based manufacturer that primarily sells networking hardware.

The Forescout report also goes into technical details of the Ukraine incident in late 2022, which Mandiant analyzed almost a year later. The attack, apparently caused by a sandworm, caused a temporary power outage before widespread missile attacks on critical infrastructure across Ukraine.

ForeScout’s team said the attack was not a “giant leap forward,” but it does demonstrate how attackers can leverage “living on land” techniques within operational technologies, such as controlling power infrastructure, to gain “stealth benefits.” “He showed what he could get.” The problem for administrators, Forescout said, is “the general lack of detection and hardening capabilities around native OT scripting capabilities.”

More specifically, the 2022 attack involved “native SCADA scripting functionality,” or industrial control code that was already present in the system. In contrast, attacks such as his famous BlackEnergy and Industroyer attacks against Ukraine relied on custom his malware.

Get more insights at

recorded future

intelligence cloud.

learn more.

There are no past articles

There are no new articles





Source link

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article