Russian threat actors have possibly been linked to what has been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023.
"22 simultaneous, successful cyberattacks against Danish critical infrastructure are not commonplace," Denmark's SektorCERT said [PDF]. "The attackers knew in advance who they were going to target and got it right every time. Not once did a shot miss the target."
The agency said it found evidence connecting one or more attacks to Russia's GRU military intelligence agency, which is also tracked under the name Sandworm and has a track record of orchestrating disruptive cyber assaults on industrial control systems. This assessment is based on artifacts communicating with IP addresses that have been traced to the hacking crew.
The unprecedented and coordinated cyber attacks took place on May 11 and exploited CVE-2023-28771 (CVSS score: 9.8), a critical command injection flaw impacting Zyxel firewalls that was disclosed in late April 2023.