The Attack Against Danish Critical Infrastructure
Michael Weng
S4x24 - ICS Security Conference · Day 1 · Main Stage
Michael Weng, representing the Danish sector CERT, delivered a compelling presentation at S4x24, detailing a sophisticated and coordinated cyberattack that targeted Danish critical infrastructure in May 2023. The talk, titled "The Attack Against Danish Critical Infrastructure," illuminated how 22 companies across vital sectors were simultaneously compromised through the exploitation of a critical Zyxel firewall vulnerability. Weng's presentation offered a candid look into the challenges and successes of a relatively small, non-profit national CERT in responding to a significant incident with potential state actor involvement.
AI review
This presentation from the Danish sector CERT provides a candid and highly valuable retrospective on a coordinated, state-actor-level attack against 22 critical infrastructure companies. Michael Weng's detailed account of the incident, from detection via their 'outside-in' NSM/IDS setup (Suricata, Zeek, Corelight) to the challenges of attribution and the coordinated response, offers critical, actionable insights for any defender. It highlights the brutal reality of rapid zero-day exploitation and demonstrates how a small, well-placed team can achieve significant defensive success through…