State-sponsored Chinese cybercriminals successfully hacked into the control systems of several U.S. oil and natural gas pipelines between December 2011 and 2013, a Wednesday alert from the Department of Homeland Security’s cyber outfit and the FBI reveals.
The hackers stole information that would have allowed them to access control networks and provided them with “sufficient access to allow them to remotely perform unauthorized operations on the pipeline with physical consequences,” says the alert. The campaign compromised at least 13 companies. Of the 23 targets, eight had an unknown level of intrusions. The Cybersecurity and Infrastructure Security Agency and the FBI provided assistance to victims at the time.
“CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk,” the alert says. “Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations.”
CISA and the FBI are urging owners and operators in the energy sector and other critical infrastructure to be on guard. The agencies Tuesday released five alerts and advisories advising the sector on potential risks.
America’s pipelines have traditionally been under looser regulation than the rest of the energy sector, though that’s begun to change since hackers forced fuel provider Colonial Pipeline to shut down for nearly a week in May. The Department of Homeland Security’s TSA released several new requirements for operators on Tuesday aimed at protecting the industry from ransomware attacks.
The new attributions represent the latest public U.S. scrutiny of China’s hacking operations. The U.S. and several allies accused China of hiring hackers who exploited a vulnerability in Microsoft Exchange Server earlier this year that enabled worldwide ransomware attacks on tens of thousands of victims.