Targeting of Danish critical infrastructure companies

Date of report

November 2023

Affiliations

Sandworm

Starting in May 2023, Russian threat actor Sandworm used a vulnerability in Zyxel firewalls to break into the networks of twenty-two Danish companies operating in different critical infrastructure sectors.

Suspected victims

Users of CyberLink’s Promeo software

Suspected state sponsor

Korea (Democratic People's Republic of)

Type of incident

Espionage

Target category

Government
Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events