23 gas pipeline operators were targeted by a Chinese cyber attack between December 2011 and February 2012.
The 23 companies received a targeted spear phishing email campaign directed at their employees. The cyber attack compromised 13 operators – a confirmed success rate better than 50%!
There were also three “near misses” – presumably when companies were nearly breached. Eight more had an “unknown depth of intrusion.”
In 2021 the US government declassified details of these Chinese cyber attacks.
According to the US government, the attackers did not try to steal intellectual property. Instead, they focused on gaining the ability to disrupt or damage the pipelines.
The spear phishing emails used were “constructed with a high level of sophistication to convince employees to view malicious files.”
After compromising the systems of the pipeline operators, the attackers compromised company systems that allowed remote operation of equipment. They also stole data on company employees' usernames and passwords, as well as system manuals.
One of the affected companies reported that after they ejected the malicious actors from their systems and did a system-wide credential reset, their IT networking department received a number of phone calls from someone claiming to be conducting a survey on cyber security practices, and asking about the software the company used and its firewall policy.
This attack happened 10 years ago – and the attackers have only become more sophisticated!
Building a strong cyber security culture is critical to identifying and stopping cyber attacks.
You can read the full US government report here.