Chinese state hackers breached over a dozen US pipeline operators

Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees.

The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.

This was revealed Tuesday in a joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

Chinese-backed threat actors targeted 23 US pipeline operators

Overall, the US Government identified and tracked 23 US natural gas pipeline operators targeted from 2011 to 2013 in this spearphishing and intrusion campaign. Of the known targeted entities, 13 were confirmed compromises, 3 were near misses, and 7 had an unknown depth of intrusion, the advisory reads.

CISA and FBI assess that these intrusions were likely intended to gain strategic access to the ICS networks for future operations rather than for intellectual property theft. This assessment was based on the content of the data that was being exfiltrated and the TTPs used to gain that access.

The attackers’ end goal of gaining access to ICS networks was evident in at least one compromise incident when they ignored sensitive decoy documents, including financial and business-related info, planted on a honeypot.

The tactics, techniques, and procedures (TTPs) shared in the joint advisory are still relevant and can help US critical infrastructure (CI) organizations protect their network from similar attacks.

Operators of Energy Sector and other CI networks are urged to be cautious of potential attacks and implement network segmentation between their IT and industrial control system (ICS)/operational technology (OT) networks to reduce the risk of compromise and operational disruption stemming from intrusion attempts.

CISA and the FBI also provide a list of mitigations Energy Sector and other CI owners and operators should implement for better defense.

Full article

Scroll to Top