Targeting of Danish critical infrastructure companies
Date of report
  • November 2023
Starting in May 2023, Russian threat actor Sandworm used a vulnerability in Zyxel firewalls to break into the networks of twenty-two Danish companies operating in different critical infrastructure sectors.
Suspected victims
  • Users of CyberLink’s Promeo software
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Government
  • Private sector
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response