Threat Intelligence, IoT
Report: Sandworm hackers unlikely involved in Denmark cyberattacks
Share
CyberScoop reports that Russian state-sponsored threat operation Sandworm was noted by Forescout to not have been behind two separate hacking campaigns against Denmark's critical infrastructure last year, which were attributed to the hacking group by the country's SektorCERT.
Attacks against Danish energy firms in May that targeted a Zyxel firewall vulnerability involved the usage of an IP address associated with the Katana Mirai botnet following the disruption of the Cyclops Blink botnet used by the Russian hackers, while the second campaign, initially reported to have begun weeks later, was discovered to have commenced before the initial campaign, according to the Forescout report.
Such findings suggest that the campaigns may have been conducted by as part of a single targeted attack.
"We're entering a time now where there's a lot of stuff going on in terms of geopolitics, conflicts, and a lot of cyber expectations of what will happen. It's very important for organizations, for practitioners, for researchers to be able to separate things a little bit," said Forescout Head of Security Research Daniel dos Santos.
Related Events
Related Terms
Account HarvestingDeauthentication AttackDenial of ServiceDictionary AttackDistributed ScansGoogle HackingHybrid AttackInformation WarfarePassword CrackingReconnaissanceGet daily email updates
SC Media's daily must-read of the most current and pressing daily news