Security

Hackers pop German steel mill, wreck furnace

Phishing proves too hot for plant

By Darren Pauli

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.

The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email.

Hackers then pivoted to the production network, a feat that should not be possible under best practice, which requires separation between industrial control systems and the public internet.

"The result was that a blast furnace could be shut down," the agency wrote in a report (page 31, in German).

"The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes."

The advanced persistent threat hackers specifically targeted industrial plants but their location was not specified.

The attacks likely demonstrated the mill had not employed sufficient separation of internet-facing and critical production networks.

Attacks against industrial control systems were common but public reporting of resulting physical damage was rare.

In June, Finnish malware probers F-Secure reported that a group not considered overly advanced had infected manufacturers of industrial control and SCADA software in France, Germany and Russia with remote access trojans.

Last year, Trend Micro researcher Kyle Wilhoit proved hacker interest in industrial systems through a SCADA honeypot that was attacked within 18 hours of being established on the public internet.

Vendors have pushed out patches for various industrial control systems throughout the year. Patching, however, could be difficult to near impossible for some operators to complete because of configurations and dependencies. ®
