Danmarks Nationalbank’s comments on media reports about SolarWinds

Authors Danmarks Nationalbank
Subject Statements from Danmarks Nationalbank
Type Statements  
Year 2021
Published 30 June 2021
Abstract icon The allegations about Danmarks Nationalbank was hacked and a back door to IT systems was open for 7 months are not correct.
The allegations about Danmarks Nationalbank was hacked and a back door to IT systems was open for 7 months are not correct. Like 18,000 other companies and organisations worldwide Danmarks Nationalbank was exposed to the vulnerabilities in SolarWind's software via its suppliers and subcontractors. In addition, the SolarWinds attack generally affected the financial infrastructure in Denmark.

The relevant systems at Danmarks Nationalbank were quickly contained and analyzed as soon as the compromise of SolarWinds Orion became known. Consistent and swift action was taken in a satisfactory manner.

Danmarks Nationalbank and the bank's suppliers use several tools and methods to monitor, contain and analyse situations where there is a suspicion of compromise. For security reasons, Danmarks Nationalbank cannot specify which tools or methods are used. In addition, in the specific situation, the IT architecture further minimized the risk of compromise. The analyses carried out conclude that Danmarks Nationalbank has not been compromised due to the vulnerabilities in SolarWind's software during the 7 month period until the vulnerability became known throughout the industry. This has also been confirmed by the bank's IT suppliers.