Denmark: Russia has been hacking us for two years – The Post

Denmark: Russia has been hacking us for two years

Prominent hacker group has gained entry to employee emails in 2015 and 2016

Not hobby hackers at work (photo: Pixabay)
April 24th, 2017 9:03 am| by Christian W
Facebooktwittergoogle_pluspinterestmail

The defence minister, Claus Hjort Frederiksen, has revealed that Russian hackers have been targeting Danish Defence for the past two years, but with limited success.

Frederiksen confirmed what was written in a new report just published by the Centre for Cyber Security (CFCS): that a Russian hacker group has gained entry to employee emails in 2015 and 2016.

“What’s happening is very controlled. It’s not small hacker groups doing it for the fun of it,” Frederiksen told Berlingske newspaper.

“It’s connected to intelligence agencies or central elements in the Russian government, and holding them off is a constant struggle.”

READ MORE: Danish forces wary of Russian ‘honey traps’

Fancy Bears and honey traps
According to the CFCS report (here in Danish)
, the hackers have only managed to gain access to non-classified information, but the attacks can still damage Denmark’s security as the information gleaned can be used to recruit, blackmail or plan further espionage.

The report also said it was “very likely” that the hacker group APT28 – also known as Fancy Bear – is behind the cyber attacks. The group is allegedly controlled by the Russian government and, according to the US authorities, was also responsible for hacking the Democratic Party during the US elections last year.

The news comes just days after a risk assessment from the Danish Defence Intelligence Service (DDIS) indicated that Danish soldiers being deployed in Estonia at the end of the year should be wary of so-called Russian ‘honey traps’.

Time line for Russian hack attack


– March-June 2015: A smaller number of phishing emails were sent to specific employees working in the Defence Ministry and Foreign Ministry

– April-June 2015: First attempt to steal login information using a fake login site for the Defence’s email system. Several hundred phishing emails were sent to specific employees working for the Defence Ministry again

– June-October 2015: A small number of phishing emails were sent to specific employees working for the Defence Ministry and Foreign Ministry

– September-October 2015: The second attempt to steal login information was attempted, again using a fake login site. Several hundred phishing emails were sent to specific employees working for the Defence Ministry during this time as well. During the same period, attempts to force entry to Defence email accounts were also discovered

– February-April 2016: Reconnaissance activity against the Defence’s emails and other public authorities’ email systems

– April 2016: Hackers try to force entry into several user accounts for remote access for servers for several Defence IT systems. Should one such server be compromised, the hacker can potentially gain access and control it.

– October 2016: The hacker’s third attempt at stealing login information using a fake login page is attempted and about 1,000 phishing emails were sent to specific employees working for the Defence Ministry again