Ongoing cyberattack against Denmark is country’s largest ever

Denmark had operations at 22 of its energy firms significantly disrupted in ongoing coordinated intrusions that involved the exploitation of a vulnerability in Zyxel firewalls since May, which is the country's largest cyberattack yet, according to The Record, a news site by cybersecurity firm Recorded Future. Attacks were deployed in several tranches, with the first wave in early May resulting in the successful compromise of 11 energy companies that were vulnerable to the Zyxel bug, tracked as CVE-2023-28771, even after patches were issued the month before, a report from Denmark's SektorCERT noted. While threat actors were thwarted from accessing critical infrastructure, another set of hackers leveraged the impacted Danish energy firms as part of Mirai distributed denial-of-service botnet attacks against U.S.- and Hong Kong-based organizations. Such attacks, which began in late May, may have been facilitated through the use of two Zyxel zero-day flaws. On the other hand, Russian state-sponsored threat operation Sandworm has been suspected to be behind the last wave of attacks although evidence suggesting Russian involvement remains lacking, said SektorCERT.