21 July 2021

Chinese threat actors breached more than a dozen US gas pipeline operators between 2011 and 2013



Chinese state-backed hackers compromised at least 13 US gas pipeline operators in a spear-phishing and intrusion campaign conducted from December 2011 to 2013, according to a joint report from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

The previously unreported campaign targeted 23 U.S. oil and natural gas pipeline companies, of which “13 were confirmed compromises, 3 were near misses, and 7 had an unknown depth of intrusion.”

"The US government has attributed this activity to Chinese state-sponsored actors. CISA and the FBI assess that these actors were specifically targeting US pipeline infrastructure for the purpose of holding US pipeline infrastructure at risk," the two agencies said.

“Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations.”

According to the FBI and CISA, the hackers made no attempts to modify the pipeline operations of systems they accessed; instead, they appear to have been more interested in collecting SCADA-related information, personnel lists, credentials, and system manuals.

While the security advisory does not identify threat actors behind this campaign, it provides Indicators of Compromise (IoCs) related to the intrusions.

The report comes merely a day after the US and its foreign allies accused the Chinese Ministry of State Security of a global hacking campaign, including a large-scale attack on Microsoft Exchange servers and other activity in cyberspace described as "irresponsible and destabilizing behavior".

