Cyber Incident Victim: Denmark
Date:
Jan 2023
Location:
Denmark
Summary
A series of DDoS attacks targeted Denmark's financial sector, disrupting online banking services for multiple institutions. The attacks impacted Bankdata, a key IT provider for several banks, causing temporary outages of customer-facing websites but not affecting mobile banking or transaction systems. Seven banks experienced service interruptions, with the Russian hacker group Killnet claiming responsibility. Cybersecurity experts confirmed the incidents as overloading attacks that disrupted accessibility without compromising data or breaching internal systems. Services were restored within hours, and while some attacks were successfully mitigated, the coordinated nature of the incidents highlighted vulnerabilities in the banking infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 10, 2023, a distributed denial-of-service (DDoS) attack disrupted the public-facing websites of seven Danish banks relying on Bankdata’s IT infrastructure. The incident initially affected six banks—Skjern Bank, Ringkjøbing Landbobank, Sparekassen Sjælland-Fyn, Djurslands Bank, Kreditbanken, and Sydbank—whose shared servers became overwhelmed by malicious traffic. Jyske Bank’s website subsequently experienced downtime as the attack expanded, though Nordfyns Bank, operating on an independent server, remained unaffected. Bankdata initially attributed the disruptions to a technical error but later confirmed a coordinated overbelastningsangreb (overload attack) resembling the DDoS incident targeting Denmark’s National Bank earlier that week. The attack exclusively impacted institutional websites, leaving mobile banking applications, customer payments, and transaction systems operational. Bankdata restored full website accessibility by approximately 13:00 local time after mitigating the traffic surge.
A second wave of DDoS attacks occurred on January 14, 2023, again targeting Bankdata’s client institutions including Jyske Bank, Sydbank, and Djursland Bank. This incident temporarily disabled both netbank (online banking) and mobile banking services for customers, escalating operational disruptions beyond the prior website outages. Bankdata’s communications consultant Jens Refsgaard acknowledged the attack and confirmed service restoration within the same day. The Russian hacker group Killnet claimed responsibility for both attack waves via Telegram posts, as corroborated by Jan Kaastrup of security firm CSIS and Danske Bank’s security chief. Danske Bank separately reported deflecting a related DDoS attempt on January 9 without service degradation. Jens Myrup Pedersen, a cybersecurity professor at Aalborg University, clarified that DDoS attacks only induce temporary service unavailability without compromising data integrity or enabling unauthorized system access. The cumulative incidents affected approximately 1.6 million customers across eight Bankdata-supported institutions but caused no reported financial losses or data breaches.