DSB Danish railways shutdown (Supeo supply-chain)
A cyberattack on subcontractor Supeo forced it to shut down its servers, disabling a mobile app train drivers rely on for operational data and halting all DSB trains across Denmark for several hours — a textbook supply-chain disruption of critical transport.
- Victim: DSB (Danske Statsbaner)
On 5 November 2022, all trains operated by DSB (Danske Statsbaner), Denmark's largest train operator, ground to a halt for several hours. The cause was not an attack on DSB itself but on Supeo, a Danish subcontractor on whose software DSB's train drivers depend for real-time operational information — a clear-cut case of supply-chain disruption rippling into national transport.
What happened
Supeo provides enterprise asset-management solutions to railway companies, transport-infrastructure operators, and public passenger authorities. Among its services is a mobile application that DSB train drivers use to access critical operational information — speed limits, track-work notices, and other safety-relevant data.
Supeo detected that its test environment had been compromised by criminal hackers. As a precaution, the company shut down its servers. The moment those servers went offline, the driver app stopped functioning. Without access to the operational data they are required to have, drivers had no choice but to stop their trains, and DSB's network froze nationwide for several hours.
DSB's chief of security, Carsten Dam Sønderbo-Jacobsen, said: "We were contacted by our subcontractor who told us that their testing environment had been compromised by criminal hackers." He stressed the attack had not targeted DSB or rail infrastructure directly, characterizing it as economic crime — language widely read as pointing to a ransomware incident at Supeo.
Impact
- All DSB trains across Denmark were stopped for several hours, stranding passengers and disrupting commuter and intercity services.
- The disruption stemmed entirely from a precautionary shutdown by a third party, not from any compromise of DSB's own systems — an important nuance in the incident's analysis.
- Service was gradually restored the same day as Supeo and DSB implemented workarounds and brought systems back safely.
Why it matters
The DSB shutdown is a defining example of third-party and supply-chain risk in operational technology. No DSB system was breached, yet a security incident at a single software supplier — and that supplier's own defensive decision to pull its servers — was enough to paralyze a nation's passenger rail network. It highlighted how a seemingly peripheral app can sit on the critical path of safe train operation, and why transport operators must map dependencies on suppliers, demand resilience and offline fallbacks, and plan for a supplier outage as a first-order operational risk rather than an IT afterthought.
Timeline
- Supeo, a DSB subcontractor, discovers its test environment has been compromised by criminal hackers and shuts down its servers as a precaution.
- With Supeo's servers offline, the driver app stops working; DSB train drivers lose access to essential operational data and must halt their trains.
- All DSB trains across Denmark are stopped for several hours — one of the country's most visible transport disruptions caused by a cyber incident.
- Service is gradually restored later in the day as workarounds are put in place; DSB characterizes the incident as economic crime, hinting at ransomware.
Sources
- securityweek.com: https://www.securityweek.com/cyberattack-causes-trains-stop-denmark/
- bitdefender.com: https://www.bitdefender.com/en-us/blog/hotforsecurity/denmarks-train-network-frozen-due-to-cyberattack-on-subcontractor
- cybernews.com: https://cybernews.com/news/cyberattack-paralyzed-danish-railways/
- cds.thalesgroup.com: https://cds.thalesgroup.com/en/node/495
- microsec.io: https://www.microsec.io/posts/attack-on-denmarks-trains-highlights-the-risks-to-ot-systems