07 December 2023

Cyberattack Disrupts Trains in Denmark

On 05 November 2022, all trains operated by DSB, the country's largest rail operating company, were stopped for several hours.

According to a DSB press release, the security incident originated at Supeo, another Danish company that provides various services to railway companies and other public and private transport organisations. The attack was therefore not directly directed against DSB but probably against this service provider. Indeed, Supeo provides DSB with a train driver application to access essential operational information when operating railway lines. The service provider suddenly decided to shut down its servers following the security incident, blocking the services they provide and forcing the drivers to stop.

The nature of the cyber attack has not yet been communicated by Supeo, which is probably awaiting the conclusions of the cyber research teams. Supeo's response methodology suggests that they were trying to prevent malware from spreading across their various working platforms. This is a classic reaction to a ransomware attack to freeze the situation and prevent it from escalating. It is possible that a claim of attack will soon appear on one of the leak sites of a ransomware group.