A state-controlled Russian hacking group has been found to have hacked its way into the Danish Defence, accessing the emails of specifically targeted staff members to tap them for information through 2015 and 2016.
According to several intelligence agencies, the group behind the attack - APT 28, also known as Fancy Bear - has ties all the way to Vladimir Putin’s presidential administration and is identical to one of the two hacking groups which last year gained illegal access to the email accounts of US Democrats.
The information in the hacked Defence emails is described as non-classified, but Berlingske has had access to a new report on the attack from the Danish Defence Intelligence Service’s Center for Cyber Security, which describes the attack as a serious security risk for Denmark - not least because Russia could use the information to recruit agents within the Danish Defence.
»The information could be abused in attempts to recruit, blackmail or plan further espionage,« the report says.
The hackers could also use the infected email accounts to send new emails, thereby spreading the hack to gain access to more compromising information, the report adds.
Danish Defence Minister Claus Hjort Frederiksen has received the report and is shocked at the attack which he claims is controlled by the Russian state.
»This is very controlled. These are not small hacking groups doing it for the fun of it. This is tied to the intelligence services and central elements in the Russian regime, and it is an eternal struggle to keep them at bay,« Claus Hjort Frederiksen says.
He declined to give details on which area of the Danish Defence was targeted, and which personnel, stating only that this is confidential information. But he stressed that the hackers have not had access to any information with a higher security classification, as such information - on weapons systems etc - is not accessible through the internet.
Besides targeting email accounts, the hackers have also made several attempts to attack computers and servers at both the Danish Defence and the Danish Foreign Ministry. These attacks were not successful according to the report.
The report states that the hacker attack was made possible by the fact that new security measures were not put in place early enough to deter hackers from targeting the non-classified emails, despite an increase in the perceived threat level and also an increase in the use of emails.
»Security has been tightened and new procedures introduced,« says Claus Hjort Frederiksen, who warned in January of a massive cyber threat against Denmark, calling the risk of attacks from state-controlled Russian hacking groups particularly »frightening«.
In its threat assessment for 2016, released earlier this year, the Danish Defence Intelligence Service stated that the threat of cyber espionage and cyber crime by foreign powers was »very high«, i.e. at the highest risk level.
A number of other Western intelligence agencies have warned that hacker attacks from Russia are a growing threat, not least in terms of attempts to influence this year’s parliamentary elections in France, Norway and Germany.
Thomas Lund-Sørensen, head of the Center for Cyber Security, says the hacker attack on the Danish Defence is clear evidence of a massive and serious cyber threat.
»This is a very concrete example that indicates we are not just talking about a theoretical risk when we point to a major, serious threat of espionage against Denmark.«
He also sees it as a warning that hackers could in future turn to more threatening behaviour targeting general security. Although the Center for Cyber Security does not currently estimate a major risk of attacks on critical infrastructure such as electricity, oil and gas supplies, this could change.
Defence Minister Claus Hjort Frederiksen says that his ministry has not raised the issue of the hacker attack with Russia.
»They have not admitted to anything they have done previously, so that would be naive,« he says. »I know I would not get a response.«