Sandworm Danish Energy Attacks

Sandworm campaign targeting Danish energy sector critical infrastructure, exploiting Zyxel firewall vulnerabilities for initial access.

Start date: 1 May 2023
End date:
Techniques: 15

Attributed actors

Techniques (15)

Command and Control (4)
T1090.001 Internal Proxy
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1071.004 DNS

Discovery (3)
T1018 Remote System Discovery
T1082 System Information Discovery
T1016 System Network Configuration Discovery

Execution (2)
T1059.003 Windows Command Shell
T1059.004 Unix Shell

Initial Access (3)
T1078 Valid Accounts
T1133 External Remote Services
T1190 Exploit Public-Facing Application

Persistence (3)
T1078 Valid Accounts
T1543.002 Systemd Service
T1133 External Remote Services

Privilege Escalation (2)
T1078 Valid Accounts
T1543.002 Systemd Service

Stealth (3)
T1078 Valid Accounts
T1070.004 File Deletion
T1027 Obfuscated Files or Information

Indicators of compromise

No IOCs linked to this campaign yet.

Sandworm Danish Energy Attacks — Campaign | Fancy Intel