"22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure"

SektorCERT, a non-profit cybersecurity center for critical sectors, recently revealed that hackers compromised 22 energy organizations in a coordinated attack against Denmark’s critical infrastructure. SektorCERT noted that in the May 2023 attack, the hackers compromised the victim organizations within a few days, making this the largest attack against Danish critical infrastructure to date. SektorCERT stated that Denmark is constantly under attack, but that it is unusual to see so many concurrent, successful attacks against critical infrastructure.

As part of the attacks, hackers exploited multiple vulnerabilities in Zyxel firewalls to gain initial access, execute code, and take complete control of the impacted systems. On May 11, the threat actors targeted 16 Danish energy organizations in attacks exploiting CVE-2023-28771 (CVSS score of 9.8), a critical OS command execution vulnerability in Zyxel’s ATP, USG FLEX, VPN, and ZyWALL/USG firewalls that came to light in late April. The attackers successfully compromised 11 organizations, executing commands on the vulnerable firewalls to obtain device configurations and usernames. SektorCERT says a second wave of attacks, observed on May 22, involved new tools and exploitation of two zero-day vulnerabilities in Zyxel devices. The bugs, tracked as CVE-2023-33009 and CVE-2023-33010, were patched on May 24. On the same day, the attackers started targeting multiple Danish energy firms with different payloads and exploits and continued their assault on May 25. SektorCERT noted that it worked with the victim organizations to apply the available patches and secure the compromised networks immediately after identifying the attacks.

 

SecurityWeek reports: "22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure"

Submitted by Adam Ekwall on