Intelligent Data Centres Issue 65 | Page 16

LATEST INTELLIGENCE

eTHREAT PERSPECTIVE NORDIC REGION

Executive Summary
• Dragos assesses with high confidence the renewable energy sector of the Nordic Region, encompassing Denmark, Finland, Iceland, Norway and Sweden, the autonomous territories of the Faroe Islands and Greenland, and the autonomous region of Åland, matches the targeting profiles of Russian cyber operations (wind, solar, nuclear, hydroelectric, and biofuels) – based on the 2023 threat assessment by the U.S. Office of the Director of National Intelligence (ODNI), along with the leaked NTC Vulkan Files that detailed the Russian programs for offensive cyber operations on critical infrastructure.
• As of June 2023, Distributed Denial of Service (DDoS) attacks performed by hacktivist groups are ongoing in the Nordic Region with an emphasis on Sweden.
• Wiper malware has been deployed against Ukraine, which had cascading impacts on European renewable energy asset owners. Nordic countries were victims of the spread of wiper malware (NotPetya infected systems in Denmark).
• Sweden is hosting approximately 57 percent of the internet-connected ICS/OT assets in the Nordic Region.
• Rapid weaponization of exploits on Virtual Private Networks (VPN) and remote services is a prolific attack vector with a proportionally larger risk to Cisco SSL VPNs. Fifty-four percent of Dragos sampled VPN appliances belonging to renewable energy asset owners in the Nordic Region are Cisco SSL VPNs.
• Worldwide exploitation of the following Known Exploited Vulnerabilities (KEV):
  • Fortinet – FortiOS and FortiProxy SSL-VPN (CVE-2023-27997)
  • MOVEit Transfer – Progress MOVEit Transfer SQL Injection Vulnerability (CVE-2023-34362)
Dragos engagements on hydroelectric dams, wind farms, and solar farms identified many critical findings that elevated levels of risk for those customers, including vendor-managed control systems, lack of ICS/OT network segmentation, insecure file transfer protocols, internet-connected OT systems, limited security control for remote access, and use of insecure protocols and credentials.