Supply chain – Multiple Danish organisations (SolarWinds)

Multiple Danish organisations were compromised via the SUNBURST backdoor embedded in SolarWinds Orion updates. The actual intrusions occurred 8–9 months before discovery in December 2020. Danish victims were identified from DGA lists extracted from passive DNS data.

Affected organisations: COWI, SAS, Vestforbrændingen, Vallensbæk Kommune, Statens IT, BEC, Danmarks Nationalbank

Danmarks Nationalbank was also compromised. This is one of the most extensive supply chain attacks in history.

• FireEye — SUNBURST backdoor
• Version2 — Store danske virksomheder ramt
• CFCS — Undersøger mulige danske SolarWinds-kompromitteringer
• BleepingComputer — SolarWinds tag
• Version2 — BEC, COWI, kommuner ramt
• Version2 — Vestforbrændingen ramt
• Version2 — Statens IT myndigheder ramt
• Finans.dk — SAS among affected companies
• Version2 — Danmarks Nationalbank hacket
• Reuters — Denmark's central bank exposed to SolarWinds hack