Sandworm Not All to Blame: Forescout Research Uncovers New Evidence Tied to Energy Sector Cyberattacks in Denmark
Forescout, a global cybersecurity leader, today unveiled “Clearing the Fog of War,” a report that introduces fresh evidence regarding two previously documented attacks that affected the Danish energy sector in May 2023.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240110605135/en/
Clearing the Fog of War (Source: Forescout)
Forescout Research – Vedere Labs conducted an independent analysis of these attacks and discovered a larger campaign that could not be fully attributed to the Advanced Persistent Threat (APT) group, Sandworm, along with other findings that the Danish CERT, SektorCERT, did not publish in its November 2023 report.
In its Adversary Engagement Environment (AEE) observations, Vedere Labs identified two significant findings:
- Sandworm is not the common threat actor: Forescout researchers detailed a different technique for targeting the critical infrastructure in the second wave than the one used in the first attack wave. This suggests that Sandworm cannot be pointed to as the APT group associated with both waves of attacks.
- Copycat adopted mass exploit: The second wave of attacks took advantage of unpatched firewalls using a newly “popular” CVE-2023-27881 and additional IP addresses that went unreported in the SektorCERT report. Evidence suggests the second wave was part of a separate mass exploitation campaign.
“Distinguishing between a state-sponsored campaign aimed at disrupting critical infrastructure and a crimewave of mass exploitation campaigns, while also accounting for potential overlaps between the two, is more manageable in hindsight than in the heat of the moment,” notes Elisa Costante, VP of Research at Forescout Research – Vedere Labs. “This report underscores the significance of contextualizing observed events with comprehensive threat and vulnerability intelligence to improve OT network monitoring and enhance incident response plans.”
Read the blog: Clearing the Fog of War - A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine
After the second incident, further attacks targeted exposed devices within critical infrastructure worldwide in the ensuing months. Forescout researchers detected numerous IP addresses attempting to exploit the Zyxel vulnerability CVE-2023-28771, persisting as late as October 2023, across various devices, including additional Zyxel firewalls. Presently, six distinct power companies in European countries utilize Zyxel firewalls and may remain susceptible to potential exploitation by malicious actors.
This recent evidence underscores the imperative for energy firms and organizations overseeing critical infrastructure to place a greater emphasis on utilizing current threat intelligence, including information on malicious IPs and known exploited vulnerabilities. Governments are increasingly taking proactive measures by allocating funding to initiatives aimed at fortifying the security posture of critical infrastructure within the energy sector. Notably, the U.S. Department of Energy recently announced a new funding initiative, earmarking $70 million for this purpose just last week.
Forescout Research conducted this analysis utilizing its AEE, which encompasses both real and simulated connected devices. This environment serves as a comprehensive tool for pinpointing incidents and discerning threat actor patterns at a granular level. The goal is to enhance responses to intricate critical infrastructure attacks through detailed insights and understanding gained from this specialized testing environment.
For more information, download the full report, “Clearing the Fog of War.”
About Forescout
Forescout Technologies, Inc., a global cybersecurity leader, continuously identifies, protects and helps ensure the compliance of all managed and unmanaged connected cyber assets – IT, IoT, IoMT and OT. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide vendor-agnostic, automated cybersecurity at scale. The Forescout® Platform delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response. With seamless context sharing and workflow orchestration via ecosystem partners, it enables customers to more effectively manage cyber risk and mitigate threats.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240110605135/en/
Contact information
Media Contacts
Steve Bosk
W2 Communications for Forescout
forescout@w2comm.com
Carmen Harris
carmen.harris@forescout.com
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
ARAMIS Global Ambassador, Dwyane Wade, Celebrates New Fragrance Launch During New York Fashion Week13.9.2025 20:13:00 EEST | Press release
Heritage men’s fragrance brand, ARAMIS, officially launched its new scent, Intuition, with global ambassador, Dwyane Wade, during New York Fashion Week. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250913048158/en/ ARAMIS Global Ambassador, Dwyane Wade, attends Brand’s NYFW Pop-Up at The High Line (Courtesy of BFA ) The celebration kicked off with an immersive pop-up on New York City’s iconic High Line, where guests explored the story behind the fragrance through scent, sound, and design. Dwyane Wade made a personal appearance at the interactive event, joined by his wife, actress Gabrielle Union. Later in the afternoon, Wade participated in an intimate conversation around personal grooming, fragrance, and modern masculinity at Bloomingdale's 59th Street. Moderated by Mike Muse, the conversation also featured Donato Smith, Wade's longtime barber, and friend. Bloomingdale’s top clients were given the opportunity to connect i
SUI Group Announces Completion of Existing $2 Million Stock Repurchase Program and Subsequent Authorization of New $50 Million Program12.9.2025 23:05:00 EEST | Press release
SUI Group Holdings Limited (“SUI Group,” “SUIG” or the “Company”) (NASDAQ: SUIG), the only publicly traded company with an official relationship with the Sui Foundation, today announced it has completed its previously authorized $2 million stock repurchase program. SUI Group is also announcing that its Board of Directors has now authorized a new stock repurchase program to acquire up to an additional $50 million of the Company’s common stock. Following the completion of its initial stock repurchase program, in which the Company repurchased approximately 318,743 shares of its common stock at an average price of $4.30 per share between September 10, 2025 and September 12, 2025, SUI Group’s new program provides the flexibility to support its Net Asset Value (“NAV”) per share by opportunistically purchasing its common stock. The Company believes that share repurchases at these levels are immediately accretive to existing stockholders and reflects its confidence in its underlying fundamenta
Allied Nations Gather to Discuss Future of Multilateral Defence Security Financing12.9.2025 18:35:00 EEST | Press release
The Defence, Security and Resilience Bank (DSRB) Development Group co-hosted an international conference in the City of London this week to discuss the creation of a new multilateral bank designed to bring capital market expertise to the frontlines of global security. The event at Mansion House, co-hosted by the Lord Mayor of London, included 72 attendees from 37 countries across the NATO alliance, the EU, and Indo-Pacific allied nations. Held on the eve of the Defence and Security Equipment International (DSEI event), the DSRB “Information Day” event also included a further 88 attendees from a wide range of institutions including the European Union, NATO, eight partner commercial banks, multiple development and central banks as well as representatives from global funds, ratings agencies, industry associations and think tanks. Notes to Editors: The DSR Bank Development Group is a non-profit working toward the establishment of the full bank alongside nation states and institutions. The
Illumination and Nintendo Announce the New Animated Film Based on the World of Super Mario Bros. Will Be Titled The Super Mario Galaxy Movie12.9.2025 16:33:00 EEST | Press release
Illumination (HQ: Santa Monica, CA, USA; Founder and CEO: Chris Meledandri) and Nintendo Co., Ltd. (HQ: Kyoto, Minami-ku, Japan; Representative Director and President: Shuntaro Furukawa, “Nintendo” hereafter) today announced that the title of the new animated film based on the world of Super Mario Bros., will be The Super Mario Galaxy Movie. The film will be released worldwide by Universal Pictures beginning April 3, 2026. In addition, the two companies announced that the returning voice actors for the characters will be: Mario (Chris Pratt), Princess Peach (Anya Taylor-Joy), Luigi (Charlie Day), Bowser (Jack Black), Toad (Keegan-Michael Key), and Kamek (Kevin Michael Richardson). The additional characters and voice cast for The Super Mario Galaxy Movie will be announced at a later date. The Super Mario Galaxy Movie will be released on April 3, 2026 in the US and many additional markets globally, and will be released on April 24, 2026 in Japan, with select territories releasing through
TON Strategy Company Announces Initial Share Repurchases Under $250 Million Program, Buying Below Treasury Asset Value Per Share, and Start of Staking12.9.2025 15:30:00 EEST | Press release
TON Strategy Company (Nasdaq: TONX) (the “Company”), a digital asset treasury company committed to holding Toncoin ($TON), today announced that it has repurchased over 250,000 shares of its common stock under its previously announced $250 million share repurchase program. Further, the Company has started staking operations, as planned, to generate on-chain income by utilizing its treasury holdings. The Company repurchased shares at an average of $8.32 per share; by comparison, the Company’s TAV per share was $12.181 as of September 11, 2025. This week’s share repurchases and the start of staking underscore TON Strategy Company’s financial strength, commitment to shareholder value, and long-term confidence in The Open Network (TON) ecosystem. They coincide with recent milestones in the broader TON network – including the availability of $TON on Gemini, Robinhood, and Zengo – which the Company believes represent steps toward broader market access for the token as the native asset of TON,
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom