In what is technically the first public warning by a European government agency, the Danish Agency for Society Security or Styrelsen for Samfundssikkerhed (SAMSIK) has raised the threat of cyber espionage against the Danish telecoms sector from “medium” to “high” in its latest report. This is due to increased activity from state-sponsored hacker groups against the European telecoms sector.
Since the agency’s last cyber threat assessment for the telecoms sector, the threat picture for the telecoms sector has become more serious. As a result, telecoms and ISPs in Denmark must also be aware of attempted cyber attacks from foreign states, according to the agency.
In addition, it said the threat was raised for destructive cyber attacks against Denmark to “medium” in June 2024 and for cyber activism to “high” in January 2023. Both threat levels also apply to the telecoms sector. The threat from cybercrime to the telecoms sector also remains “very high”, including from ransomware attacks.
In the past, cyber espionage has mainly targeted telecoms providers in Asia and the Middle East, but now it is also increasingly targeting telecoms providers in Europe. The report highlights China, Russia and Iran as foreign states that “continuously use their cyber capabilities to carry out cyber espionage against the telecoms sector worldwide”. This is mainly because through cyber espionage against telecoms and internet service providers, they can gain access to large amounts of data about customers’ use of the provider’s infrastructure, including call data, internet traffic, customer data and location data.
The report says states are interested in this type of data because it can be used to monitor the communication and travel activities of individuals or groups of people. For example, China continuously attempts to monitor the Chinese diaspora in general and dissidents in particular, including minorities such as Uyghurs and Tibetans.
In addition, states can use stolen customer data from the telecoms sector to launch further espionage against customers they find interesting. This could be, for example, technical interception of telephone numbers belonging to politicians or dissidents abroad that the state may have an interest in following and spying on.
In addition to gaining access to telecoms and ISP customer data, foreign states can also use cyber espionage against the telecoms sector to prepare for destructive cyber attacks or physical sabotage. For example, SAMSIK estimated that some of the cyber espionage by Russian state hackers against critical infrastructure in Denmark is aimed at preparing destructive cyber attacks.
The agency points out that the Danish telecom sector can also become attractive espionage targets for states if they develop or use modern technology or if they have knowledge and intellectual property that are attractive economically or technologically. SAMSIK pointed to January 2024, when US authorities indicted seven Chinese citizens on charges including economically motivated cyber espionage against US targets on behalf of the Chinese intelligence service, the Ministry of State Security. According to the indictment the espionage was aimed at targets in the telecoms sector, including a leading supplier of 5G network equipment.
