At a glance.
- An analysis of cyberattacks against Danish energy infrastructure.
- Cryptomining campaign targets weak SSH passwords.
- Akira ransomware gang ramps up operations.
- FBot targets cloud services.
An analysis of cyberattacks against Danish energy infrastructure.
Forescout has published an analysis of two waves of cyberattacks that hit Denmark's energy sector in May 2023. While the Danish CERT for critical infrastructure, SektorCERT, attributes the incidents to Russia's Sandworm threat actor, Forescout thinks the evidence for this attribution is lacking. The researchers write, "Evidence suggests that the two waves of attacks on Danish infrastructure reported by SektorCERT were unrelated. It also suggests that the second wave was simply part of a mass exploitation campaign against unpatched firewalls, not part of a targeted attack by Sandworm or another state-sponsored actor. Our data reveals that the campaign described as the 'second wave' of attacks on Denmark, started before, and continued after, the period reported by SektorCERT, targeting firewalls indiscriminately in a very similar manner, only changing staging servers periodically. We see a prevalence of exploitation attempts in Europe, where nearly 80% of publicly identifiable and potentially vulnerable firewalls are located."