For seven months in the wake of the global SolarWinds cyberattack in December 2020, the Danish National Bank's IT system has been vulnerable to hackers, tech news portal Version2 reported.
It appears that the National Bank, which operates Denmark's key financial infrastructure, has been affected by a so-called stage 1-compromise, which implies that hackers were informed of a backdoor into the security system that they could potentially use.
So far, the National Bank has not been able to completely rule out that the backdoor was used to compromise the system further. However, it feels more or less confident the attack has not had any serious consequences.
"The relevant systems were contained and analysed as soon as the compromise by SolarWinds Orion became known", the National Bank told Version2. "We acted quickly and intervened in a satisfactory way. According to the reported analyses there has been no indication that the attack has had any real consequences".
The supplier of the National Bank's compromised programme said the firm considers it an "impossible task" to prove the absence of IOCs (indicators of compromise).
Yet, regardless of what the hackers wanted the access for, they have had a unique opportunity, according to Jan Lemnitzer, a lecturer in IT security at the Copenhagen Business School.
"The Danish National Bank has a lot of exciting information about Denmark and Danish companies", Lemnitzer said.
The otherwise credible SolarWinds programme, which is used for managing complex network systems, is seen as the perfect way to attack a company's or an organisation's servers.
"If you have access to SolarWinds, it is generally quite easy to run things on all servers that SolarWinds has access to. If you have a programme that you want to infect the system with, SolarWinds can install it anywhere with one click from those who manage SolarWinds", explained Lucas Lundgreen, a white hat hacker at the company Banshie, with previous experience of SolarWinds.
The global SolarWinds attack was discovered by the security company FireEye in 2020. Several Danish authorities and businesses have been affected by the extensive attack that targeted some 18,000 SolarWinds clients around the globe, most notably the US Department of Defence, Microsoft, the US Federal Reserve, as well as numerous military branches.
While the American authorities claimed that a Russian-sponsored hacker group was behind the incident, Moscow strongly rejected the claims, stressing that Washington failed to present any tangible proof to back the accusations.