The United States says China has breached dozens of pipeline companies over the past decade
The Biden administration on Tuesday unveiled details of state-sponsored cyberattacks on U.S. oil and gas pipelines over the past decade, as part of a warning to pipeline owners to increase the security of their systems to prevent further attacks.
From 2011 to 2013, Chinese-backed hackers targeted, and in several cases breached, two dozen companies that owned such pipelines, the FBI and the Department of Homeland Security revealed in a warning on Tuesday. For the first time, the agencies said they had determined that the intrusions were likely aimed at gaining strategic access to the industrial control networks that run the pipelines for future operations, rather than at stealing intellectual property. In other words, the hackers were preparing to take control of the pipelines instead of just stealing the technology that would allow them to operate.
Of the 23 operators of natural gas pipelines targeted with a form of email fraud known as spear phishing, the agencies said 13 had been successfully compromised, while three were “almost missing”. Because of a lack of data, the extent of the intrusions at seven operators could not be determined.
The revelations came as a ransomware group in Russia easily forced the shutdown of a pipeline network that supplies about half of the gasoline, jet fuel and diesel that reaches the East Coast. The attack on Colonial Pipeline, which was aimed at the company’s business systems and not at the operation of the pipeline itself, led the company to cut off its supply for fear of what the attackers might be able to do next. After long lines and shortages of gasoline, President Biden stressed the urgent need to defend U.S. pipelines and critical infrastructure from cyberattacks.
The report on China’s activities accompanies a security directive that requires owners and operators of pipelines deemed important by the Transportation Security Administration to take specific measures to protect against ransomware and other attacks, and to plan for emergencies and recovery. The specific measures were not made public, but officials said they tried to address some of the major shortcomings found during the review of the Colonial Pipeline attack. (The privately held company has said very little about the vulnerabilities in its systems that were exploited by the hackers.)
The directive follows another, issued in May, that required companies to report significant cyberattacks to the government. But that did nothing to seal up the systems.
The new report was a reminder that state-backed hackers targeted oil and gas pipelines before cybercriminals devised new ways to hold their operators hostage for ransom. Ransomware is a type of malware that encrypts data until the victim pays. The company paid about $4.4 million in cryptocurrency after the attack on Colonial Pipeline, some of which was recovered by the FBI when the criminals left part of the money in a cryptocurrency wallet. But that was, as one law enforcement official put it, a “lucky break.” A few weeks later, $11 million was extracted from JBS, a manufacturer of meat products. None of it was recovered.
About 10 years ago, the Department of Homeland Security said in its report, it began responding to intrusions at oil pipelines and electric power operators. Officials successfully traced a portion of these attacks to China, but in 2012 the motive was unclear: Were the hackers looking for industrial secrets? Or were they positioning themselves for some future attack?
“We’re still trying to figure it out,” a senior U.S. intelligence official told The New York Times in 2013. “They could do both.”
But on Tuesday, the alert stressed that the goal was to “jeopardize the infrastructure of the US pipeline.”
“The purpose of this activity was ultimately to help China develop cybersecurity capabilities against US pipelines in order to physically damage the pipelines or affect pipeline operations,” the warning said.
The warning came amid renewed concerns over the cyber defense of key infrastructure, exposed by the attack on Colonial Pipeline. The breach sounded alarm bells at the White House and the Department of Energy, which found that the nation could have endured only three more days before mass transit and chemical refineries were shut down.
Mandiant, a division of the security firm FireEye, said the advisory was consistent with the Chinese-backed intrusions it had learned about at several natural gas pipeline companies and other key operators from 2011 to 2013. But the firm added an unsettling detail, saying it “strongly” believes that in one case, Chinese hackers gained access to controls that could have been used to shut down a pipeline or possibly cause an explosion.
Although the directive did not name the victims of the pipeline intrusions, one of the companies infiltrated by Chinese hackers in the same time frame was Telvent, which monitors more than half of the oil and gas pipelines in North America. It discovered the hackers in its computer systems in September 2012, only after they had been lurking there for months. The company cut off its remote access to its customers’ systems, fearing it could be used to shut down American infrastructure.
The Chinese government has denied any wrongdoing. Congress failed to enact cybersecurity legislation that would have increased the security of pipelines and other critical infrastructure. And the country seemed to move on.
Nearly a decade later, the Biden administration says the threat of hacking into U.S. oil and gas pipelines has never been greater. On Tuesday, Secretary of Homeland Security Alejandro N. Mayorkas said in a statement that the lives and livelihoods of the American people depend on our collective ability to protect our nation’s vital infrastructure from threats.
The May directive set “30 days to identify any deficiencies and related treatments to address cyber-related threats” and 30 days to report them to the TSA and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Shortly after taking office, Biden promised that improving cybersecurity would be a top priority. This month, he met with top advisers to discuss options for responding to a wave of Russian ransomware attacks on U.S. companies, including one on July 4 against a Florida-based company that provides software to businesses that manage technology.
And on Monday, the White House said that China’s Ministry of State Security, which oversees intelligence, was behind an unusually aggressive and sophisticated attack in March on thousands of victims who relied on Microsoft Exchange mail servers.
In addition, the Justice Department on Monday charged four Chinese nationals with coordinating the hacking of trade secrets of companies in the aviation, defense, biopharmaceuticals and other industries.
According to the indictment, Chinese hackers work from front companies, some on Hainan Island, and use Chinese universities not only to recruit hackers into the ranks of the government, but also to manage important business tasks such as salaries. U.S. officials and security experts say the decentralized structure is intended to offer China’s Ministry of State Security plausible deniability.
The indictment also alleges that Chinese “government-affiliated” hackers carried out ransomware attacks while pursuing their own for-profit ventures, extorting millions of dollars from companies.
Eileen Sullivan contributed reporting.