COPENHAGEN (Reuters) – Denmark’s central bank was compromised in last year’s global SolarWinds hacking operation, leaving a “backdoor” to its network open for seven months, IT media Version2 reported on Tuesday, citing documents related to the case.
The hackers, accused by the United States of working for Russian intelligence, were unusually sophisticated and modified code in SolarWinds network management software that was downloaded by 18,000 customers around the globe.
The attackers could use SolarWinds to get inside a network and then create a backdoor for potential continued access.
Such a backdoor stood open at the Danish central bank for seven months until it was discovered by U.S. security firm Fire Eye, Version2 said, citing various documents it obtained under a freedom of information request, such as SolarWinds emails.
The central bank, which manages transactions worth billions of dollars each day, said in an emailed comment to Reuters that there were “no signs that the attack had any real consequences”.
“The SolarWinds attack also hit the financial infrastructure in Denmark. The relevant systems were contained and analyses as soon as the compromise of SolarWinds Orion became known,” it added.
SolarWinds did not immediately respond to an emailed request for comment.
The Russian government has denied involvement in the SolarWinds hack, which hit both companies and institutions worldwide, including nine U.S. federal agencies.
Microsoft, whose president has described the attack as “the largest and most sophisticated attack the world has ever seen”, said last week it had discovered a new breach as part of its probe of suspected SolarWinds hackers.
(Reporting by Stine Jacobsen; Editing by Mark Potter)