The hacking group – said to be the same group which is alleged to have attacked the American Democrat Party during last year's election campaign – gained access to the emails of selected Danish armed forces employees, reported newspaper Berlingske on Sunday.
Although none of the hacked information is considered to be sensitive in regard to security, it could potentially be used to blackmail employees into becoming agents, PET told Berlingske.
Denmark's minister of defence Claus Hjort Frederiksen told the newspaper that the revelations of the PET report left Denmark in a “very critical situation”.
The minister also said that it would be “naïve” to think that anything could be gained from requesting an explanation from the Russian government.
“I cannot imagine that [contacting Russia regarding the issue] would have any consequences, because the Russians would – as they previously have done – blankly deny that they have carried this out,” Frederiksen told news agency Ritzau.
Defence spokesperson Henrik Dam Kristensen of the opposition Social Democrats called the hacking attacks “grotesque and unjust”.
“It is serious, and even though it is not a normal war, there has been an attack on Denmark. It's equivalent to a foreign nation ignoring all the rules that ought to exist in national cooperation,” he said to Ritzau.
Kristensen called for the government “make it clear to Russia that this is in no way acceptable,” but said that he did not expect any apologies from Putin should diplomatic consequences result.
According to the report by PET's Centre for Cyber Security, the state-sponsored hacker group Fancy Bear – said to be directly connected to president Vladimir Putin and behind the attack on Democrat Party email accounts last year – gained access to the email accounts of specifically chosen employees in the Danish armed forces, reports Berlingske.
The attacks took place between March 2015 and October 2016, and began with phishing-style emails sent to specific security authority employees at the defence and foreign ministries in an effort to harvest login information.
This was then followed up with fake login pages being used against the targets of the hacking, an an attempt to compromise servers on armed forces IT systems.
Centre for Cyber Security declined to reveal to Berlingske how the attacks were discovered for “reasons of security”, reports the newspaper.
But the period of time over which the attacks took place may reveal something about their nature, according to IT security consultant Henrik Kramshøj.
“It shows that they are durable opponents. It seems as though there was no trace of them to start with. It seems like it took a year before it was discovered, and that is very unfortunate,” Kramshøj told Berlingske.