A group of Russian hackers is accused of compromising a Danish bank in the latest example of fallout involving cyber-espionage emanating from Moscow, according to a European media outlet that cites documents related to the incident.
Denmark’s central bank, or Danmarks Nationalbank, was compromised by the same spies who used software made by the U.S. federal contractor SolarWinds to breach nine U.S. government agencies and dozens of companies, Version 2, a Danish new site, reported Tuesday. By leveraging the SolarWinds technology, hackers infiltrated the company’s partners and clients, spending at least seven months inside the networks of the Danish financial institution, the site reported based on internal emails sent to the bank from outside investigators.
Investigators have suggested that the Russian hacking group known as Cozy Bear — thought to be associated with the SVR intelligence agency — corrupted a software update in the SolarWinds Orion product, using the seemingly trustworthy update as a launching point into scores of organizations. The White House indicated that up to 100 technology companies might have been affected, though the true figure and a list of specific victims remains elusive.
Denmark’s central bank represents a key part of the country’s financial system by issuing money, weighing in on monetary policy, managing national debt and ensuring the stability of the krone currency.
Meanwhile, the so-called SolarWinds campaign remains under investigation. The U.S. Securities and Exchange Commission is now probing whether firms affected by the incident have failed to go through the proper notification channels.
The same hackers also allegedly breached a Microsoft customer support account in May, abusing that access to send phishing emails to IT firms, government agencies and non government organizations in 36 countries. Before that, Cozy Bear spies also impersonated officials from the U.S. Agency for International Development in another scheme, according to Microsoft.
The post SolarWinds hackers had access to Denmark’s central bank for 7 months, report says appeared first on CyberScoop.
– Read More – CyberScoop