Cyber Incident Victim: Nordea Bank Abp
Date: Mar 2022
Location: Denmark
Summary
Nordea Bank Abp experienced a distributed denial-of-service (DDoS) attack that disrupted its online and mobile banking services, causing slower response times. The bank confirmed the incident and mitigated the impact to restore customer access, though some services remained degraded. The attack occurred amid heightened cybersecurity threats against Danish critical infrastructure linked to geopolitical tensions, prompting increased sector-wide preparedness. While the perpetrator remained unidentified, security experts warned of escalating risks from sophisticated Russian-aligned threat actors targeting Danish entities. This incident coincided with confirmed cyberattacks against other Danish companies, including a ransomware incident attributed to the Conti group, underscoring broader concerns about systemic vulnerabilities.
Description
On March 6, 2022, Nordea Bank Abp experienced a cyber incident affecting its digital banking services. The attack occurred over the weekend, targeting the bank’s online infrastructure. Nordea confirmed the incident involved a partial overload of its systems, specifically impacting netbank and mobile banking platforms. Customers encountered slower-than-normal response times when accessing these services, though the bank maintained partial functionality. Technical analysis identified the incident as a Distributed Denial of Service (DDoS) attack, where threat actors deliberately overwhelmed Nordea’s servers with excessive traffic to disrupt operations. The bank implemented immediate countermeasures to restore access, successfully enabling customer logins despite persistent performance degradation in some services. Nordea did not disclose technical details regarding attack duration, traffic volume, or specific server vulnerabilities exploited.

Nordea’s incident response team secured affected systems while maintaining public communication about service limitations. The bank declined to speculate about attacker identity or motivations, distinguishing this event from the contemporaneous Conti ransomware attack against Danish surveying firm LIFA. This incident coincided with heightened cybersecurity alerts across Denmark’s financial sector following Russia’s invasion of Ukraine, though no evidence linked the DDoS attack to geopolitical actors. Nationalbanken and major Danish banks had previously issued joint statements about reinforced cyber defenses, reflecting sector-wide preparedness efforts. Nordea’s public disclosures emphasized operational continuity measures without referencing data breaches, financial losses, or ransom demands. Service performance gradually normalized following mitigation efforts, though the bank did not specify a full recovery timeline. The attack remained under investigation with unresolved attribution at the time of reporting.
