Cyber Incident Victim: Supeo
Date: Oct 2022
Location: Denmark
Summary
A cyber attack targeting Supeo, an IT subcontractor for Denmark's national railway operator, compromised its software testing environment, leading to a widespread disruption of train services. The incident forced Supeo to shut down its servers, which critically impaired locomotive drivers' ability to operate trains for several hours during a weekend. While the attack did not directly target railway infrastructure, its indirect impact caused a major standstill across the network. Authorities characterized the incident as economically motivated criminal activity, with investigations ongoing to identify the perpetrators. The railway operator confirmed no compromise to its own systems but acknowledged the cascading operational failure stemming from the subcontractor's compromised environment.
Description
On October 28, 2022, a cyber attack targeting the software testing environment of Supeo, an IT subcontractor for Danish train operator DSB, led to a nationwide disruption of Denmark's train network. The attack compromised Supeo's systems, prompting the company to proactively shut down its servers as a containment measure. This shutdown occurred on Saturday, October 29, though the initial breach was detected earlier. The server deactivation severed critical functionality for DSB's locomotive drivers, rendering them unable to operate trains for several hours. The incident caused significant travel delays and cancellations across Denmark, stranding passengers during weekend operations. DSB confirmed the attack's economic motivation, clarifying that infrastructure systems were not directly targeted. The operator's chief of security, Carsten Dam Sonderbo-Jacobsen, stated the compromise occurred within Supeo's testing infrastructure rather than production environments.

DSB publicly disclosed the incident's cause on November 3, 2022, following investigations coordinated with Supeo. The train operator emphasized that while the attack didn't breach DSB's own systems, the interdependency with Supeo's software created operational vulnerability. Sonderbo-Jacobsen characterized the event as criminal activity focused on financial gain, distinct from state-sponsored infrastructure attacks. No ransomware claims or specific threat actors were identified during the initial investigation phase. Service restoration occurred after Supeo completed security protocols on its systems, though the exact remediation timeframe wasn't detailed. The disruption highlighted supply chain risks in critical transportation infrastructure, particularly dependencies on third-party software providers. Investigations remained ongoing to determine attack vectors and responsible parties at the time of DSB's statement.
