China’s cyber attack on American pipelines

China’s cyber attack on American pipelines

by Andrew
July 21, 2021

23 gas pipeline operators were targeted by a Chinese cyber attack between December 2011 and February 2012.

The 23 companies received targeted spear phishing email campaign directed to their employees. The cyber attack compromised 13 operators – a confirmed success rate better than 50%!

There were also three “near misses” – presumably when companies were nearly breached. Eight more had an “unknown depth of intrusion.”

In 2021 the US government declassified details of these Chinese cyber attacks.

According to the US government, the attackers did not try to steal intellectual property. Instead they focused on gaining the ability to disrupt or damage the pipelines.

The spear phishing emails used were “constructed with a high level of sophistication to convince employees to view malicious files.”

Spear phishing emails manipulate and exploit your employees to gain access to your systems, data, or finances.

After compromising the systems of the pipeline operators, the attackers compromised company systems that allowed remote operation of equipment. They also stole data on the usernames and passwords of company employees and system manuals.

One of the affected companies reported that after they ejected the malicious actors from their systems and did a system-wide credential reset, their IT networking department received a number of phone calls from someone claiming to be conducting a survey on cyber security practices, and asking about the software the company used and its firewall policy.

This attack happened 10 years ago – and the attackers have only become more sophisticated!

Building a strong cyber security culture is critical to identify and stop cyber attacks.

Let’s find a time to catch up and see how we can help get every employee on your cyber team.

You can read the full US government report here.

Related Stories

Photo by Florian Schmetz on Unsplash
February 24, 2022

Increase your awareness before you get trapped

Phishing attacks are a personal threat to every individual. You need to be a smart, sustain a safe cyber environment, and create awareness about the risk.

February 3, 2022

Social engineering: exploiting human nature for malicious attacks

Social engineering is a tool of psychological manipulation. Cybercriminals exploit human error to conduct a cyberattack and trick users into making security mistakes.

January 14, 2022

Phishing smell after hackers check in

One day a hotel employee received an email that looked like it was from a tour operator. But it was a phishing email from hackers.