Danske Statsbaner (DSB)

History

2022: Cyberattack halts trains

In November 2022, Denmark's largest passenger train operator Danske Statsbaner (DSB) faced a cyber attack that forced the company to suspend its transport.

As the head of the DSB security service, Carsten Dam Sonderbo-Jacobsen, clarified, the test environment of the IT contractor Danske Statsbaner was hacked.

Danske Statsbaner (DSB) faces cyber attack that forced companies to suspend their transport

The goal was not infrastructure or DSB. It was an economic crime, "he said, adding that by the beginning of November 2022, it was unclear who was behind this hacker attack. The investigation is ongoing.

According to the Danish television company DR, all trains of the country's largest railway company stopped in the early morning of November 5, 2022, and it was possible to resume traffic only by 13:00. Moreover, even after that, the trains could not run in full accordance with the schedule.

The DSB IT contractor mentioned is Supeo, it said. As a result of a cyber attack, she disconnected her servers, as a result of which train drivers lost the ability to control trains for some time.

In particular, Supeo provides DSB with a mobile application that drivers use to access important operational information, including speed limits and information about railway work. Thus, when the contractor decided to disconnect its servers, the application stopped working, and the drivers were forced to stop the trains.

The attack affected the Digital Backpack 2 platform being developed by Supeo. It allows train drivers to access critical information using an iPhone or iPad.

Experts suggest that Supeo could have been attacked by a ransomware virus. Attackers are pursuing financial targets, the company told Reuters.^[1]

Notes