Cybersecurity Agency (CSA) announced today that it had
discovered an advanced persistent attack targeted at chemical manufacturing
facilities in the United States. Ida Long explained that at least fourteen
chemical facilities from three separate companies have had their corporate
computer systems and chemical control systems compromised in the last couple of
months. The attacks have been carried out by a new cyber attack group that
the CSA is calling ChemStat. ChemStat may be associated with the Chinese
government, according to Long.
Long reported that the CSA had been monitoring email systems
for a large number of chemical facilities for the last six months. The attacks
had started as targeted phishing attacks with emails being sent to control
systems engineers and technicians at twenty different chemical facilities that
CSA had been monitoring. The emails were purportedly from control system
suppliers announcing new control system software and upgrades that were
available.
Links in the emails took those who clicked on them to
look-alike web sites where sophisticated software compromised the systems of
those visiting the site. The attackers then used those compromised machines to
pivot into both the corporate IT network and the facility’s control system
networks.
When asked if the companies involved knew that CSA was monitoring
their email systems, Long responded that since the monitoring was not being
done from corporate resources, CSA was not required to inform the companies
that their systems were under surveillance. CSA was operating these monitoring
efforts as part of a congressional mandate to be more proactive in defending
critical infrastructure systems from nation-state attacks. Long assured reporters
that CSA was not reading all of the emails, just those that appeared to contain
phishing attacks.
Long would not confirm what other critical infrastructure
sectors were being monitored in the same way.
Immanuel C. Securitage confirmed that ECS-CERT was the lead
agency looking at the control system infiltration at the affected plants. He
noted that the longest any system had been affected was 30 days and that
ECS-CERT had not found any indications that anything beyond data exfiltration
had been done on those systems.
Securitage did note that once ECS-CERT had become involved
in the process, they immediately notified the affected facilities that their
control systems had been compromised and worked with them to identify the limits of that
compromise and restore all systems to their prior condition.
He did explain that his group was not allowed to tell the
affected facilities how they had become aware of the control system compromise.
ECS-CERT had not become aware until today's press conference that the IT systems
at the companies had also been compromised.
CAUTIONARY NOTE: This is a future news story –