US Says China Breached Dozens of Pipeline Companies in the Last Decade


The Biden administration released previously classified details on Tuesday about the breadth of state-sponsored cyberattacks on American oil and gas pipelines over the past decade, as part of a warning to pipeline owners to increase the security of their systems to prevent future attacks.

From 2011 to 2013, Chinese-backed hackers targeted, and in many cases breached, nearly two dozen companies operating such pipelines, the FBI and the Department of Homeland Security said in a warning issued Tuesday. The agencies said for the first time that they believed “the intrusions were probably aimed at gaining strategic access” to the industrial control networks that run the pipelines “for future operations rather than intellectual property theft”. In other words, the hackers were preparing to take control of the pipelines, rather than just stealing the technology that allowed them to work.

Of the 23 natural gas pipeline operators targeted by a form of email scam known as spear phishing, the agencies said 13 were successfully compromised, while three were “near misses”. The extent of the intrusions at the remaining seven operators was unknown due to a lack of data.

The revelations came as the federal government sought to mobilize the pipeline industry after a Russia-based ransomware group forced the shutdown of a pipeline network that supplies nearly half of the gasoline, jet fuel and diesel flowing to the East Coast. The attack on Colonial Pipeline, which targeted the company’s business systems rather than the pipeline’s operations, caused the company to halt its shipments out of fear of what the attackers might do next. Long gas lines and shortages underlined the urgency for President Biden to defend the United States’ pipelines and critical infrastructure from cyberattacks.

The declassified report on China’s activities was accompanied by a security directive requiring pipeline owners and operators deemed critical by the Transportation Security Administration to take specific steps to protect against ransomware and other attacks, and to establish a contingency and recovery plan. The exact steps have not been made public, but officials said they are trying to address some of the major shortcomings found while investigating the Colonial Pipeline attack. (The privately held company has said little about the vulnerabilities in its systems that the hackers exploited.)

The directive follows another one issued in May that required companies to report significant cyberattacks to the government, but did nothing to secure those systems.

The newly declassified report was a reminder that nation-backed hackers targeted oil and gas pipelines before cybercriminals found new ways to hold their operators hostage for ransom. Ransomware is a form of malware that encrypts data until the victim pays. The attack on Colonial Pipeline resulted in a payment of nearly $4 million in cryptocurrency, some of which the FBI recovered after the criminals left part of the money visible in their cryptocurrency wallet. But that was a “lucky break,” as one law enforcement officer put it. A few weeks later, another ransomware attack extracted $11 million from beef products maker JBS; none of it was recovered.

About 10 years ago, the Department of Homeland Security said in the declassified report, it began responding to intrusions into oil pipeline and electric power operators at an “alarming rate”. Authorities successfully traced some of these attacks to China, but in 2012 the motivation was not clear: Were the hackers roaming for industrial secrets? Or were they positioning themselves for a future attack?

“We’re still trying to figure it out,” a senior American intelligence official told The New York Times in 2013. “They could have been doing both.”

But Tuesday’s warning suggested the goal was to “put the US pipeline infrastructure at risk.”

“This activity was ultimately aimed at helping China develop cyberattack capabilities against US pipelines to physically damage pipelines or disrupt pipeline operations,” the alert said.

The alert was prompted by new concerns about the cyber defense of critical infrastructure, brought to the fore by the Colonial Pipeline attack. The breach set off alarms in the White House and the Energy Department, which found the country could only withstand three more days of disruption before public transportation and chemical refineries came to a halt.

Mandiant, a division of the security firm FireEye, said the advisory was consistent with the Chinese-backed attacks it tracked on multiple gas pipeline companies and other critical operators from 2011 to 2013. The firm also believed that in one case, Chinese hackers gained access to controls that could shut down a pipeline or potentially lead to an explosion.

Although the directive does not name the victims of the pipeline intrusions, one of the companies infiltrated by Chinese hackers during the same period was Telvent, which monitors more than half of the oil and gas pipelines in North America. It discovered the hackers in its computer systems in September 2012, but only after they had roamed there for months. The company shut down remote access to its customers’ systems, fearing it would be used to shut down American infrastructure.

The Chinese government denied being behind the Telvent breach. Congress failed to pass a cybersecurity law that would have increased the security of pipelines and other critical infrastructure. And the country seemed to move on.

Nearly a decade later, the Biden administration says the hacking threat to America’s oil and gas pipelines has never been more serious. “The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure from emerging threats,” Homeland Security Secretary Alejandro N. Mayorkas said on Tuesday.

The May directive set a 30-day period to “identify any gaps and associated remediation measures to address cyber-related risks” and report them to the TSA and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Shortly after taking office, President Biden promised that improving cybersecurity would be a top priority. This month he met with top advisers to discuss response options to a wave of Russian ransomware attacks on American companies, including the July 4 attack on a Florida company that provides software to businesses that manage technology for small firms.

And on Monday, the White House said China’s Ministry of State Security, which oversees intelligence, was behind an unusually aggressive and sophisticated attack in March on tens of thousands of victims relying on Microsoft Exchange mail servers.

Separately, the Justice Department on Monday unsealed indictments of four Chinese citizens accused of coordinating the theft of trade secrets from companies in the aerospace, defense, biopharmaceutical and other industries.

According to the indictments, China’s hackers, some of whom operate from shell companies on the island of Hainan, are tapping into Chinese universities not only to recruit hackers into the government’s ranks, but also to manage routine business operations such as payroll. American officials and security experts say this decentralized structure is meant to give China’s Ministry of State Security plausible deniability.

The indictments also revealed that China’s “government-affiliated” hackers engaged in their own for-profit ventures and carried out ransomware attacks that extorted millions of dollars from companies.

Eileen Sullivan contributed reporting.
