CyberScoop reports that Russian state-sponsored threat operation Sandworm was noted by Forescout to not have been behind two separate hacking campaigns against Denmark’s critical infrastructure last year, which were attributed to the hacking group by the country’s SektorCERT. Attacks against Danish energy firms in May that targeted a Zyxel firewall vulnerability involved the usage of an IP address associated with the Katana Mirai botnet following the disruption of the Cyclops Blink botnet used by the Russian hackers, while the second campaign, initially reported to have begun weeks later, was discovered to have commenced before the initial campaign, according to the Forescout report.
Source: SC Magazine