January 14, 2024 at 04:51AM
Forescout’s recent findings reveal that the cyber attacks on Denmark’s energy sector in 2023, involving a Zyxel firewall vulnerability and the Mirai botnet, were not linked to the Russia-based Sandworm group. The attacks consisted of two separate waves and targeted multiple entities across Europe and the U.S., posing ongoing threats to critical infrastructure.
Key takeaways:
– Forescout’s findings indicate that the cyber attacks on the Danish energy sector in May 2023 were not attributed to the Russia-linked Sandworm hacking group.
– The attacks occurred in two distinct waves, exploiting a security flaw in Zyxel firewalls (CVE-2023-28771) and deploying Mirai botnet variants via an initial access vector.
– The second wave of attacks, which occurred after the first wave, appeared to be part of a broader mass exploitation campaign against unpatched Zyxel firewalls and was not likely the work of a state-sponsored group.
– Evidence suggests that the attacks may have started as early as February 16 and persisted until October 2023, targeting entities across Europe and the U.S.