CyberScoop reports that, according to Forescout, Russian state-sponsored threat operation Sandworm was not behind two separate hacking campaigns against Denmark's critical infrastructure last year, which the country's SektorCERT had attributed to the hacking group.
Attacks against Danish energy firms in May that targeted a Zyxel firewall vulnerability involved the use of an IP address associated with the Katana Mirai botnet following the disruption of the Cyclops Blink botnet used by the Russian hackers, while the second campaign, initially reported to have begun weeks later, was discovered to have started before the initial campaign, according to the Forescout report.
Such findings suggest that the campaigns may have been conducted as part of a single targeted attack.
"We're entering a time now where there's a lot of stuff going on in terms of geopolitics, conflicts, and a lot of cyber expectations of what will happen. It's very important for organizations, for practitioners, for researchers to be able to separate things a little bit," said Forescout Head of Security Research Daniel dos Santos.