Кибератака на Датские железные дороги привела к остановке поездов

November 5, 2022

More details: https://www.securitylab.ru/news/534666.php

Last weekend, a cyberattack on third-party IT service providers disrupted train service for DSB, Denmark's largest railway company.

The victim of the attack was Supeo, a Danish company that provides enterprise asset management solutions to railway companies, transport infrastructure operators, and public passenger services.

"Trains across the country stopped running this morning and only resumed running at 1 p.m.; DSB expects that border and long-distance trains will not run as scheduled tomorrow," local media reported.

According to Danish broadcaster DR, the incident occurred due to a bug in a security-critical IT system called "Den Digitale Rygsæk 2."

The attack affected the Digital Backpack 2 platform (developed by Supeo), which allows train drivers to access vital information from mobile devices, such as speed limits and information about railway work.

Experts suspect Supeo may have been attacked by ransomware, but the company has not commented on the incident.