
Hackers pop German steel mill, wreck furnace

Phishing proves too hot for plant

By Darren Pauli


Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.

The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email.

The hackers then pivoted to the production network, a feat that should not be possible under best practice, which requires separation between industrial control systems and the public internet.

"The result was that a blast furnace could be shut down," the agency wrote in a report (page 31, in German).

"The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes."

The advanced persistent threat hackers specifically targeted industrial plants but their location was not specified.

The attacks likely demonstrated the mill had not employed sufficient separation of internet-facing and critical production networks.

Attacks against industrial control systems were common but public reporting of resulting physical damage was rare.

In June, Finnish malware probers F-Secure reported that a group not considered overly advanced had infected manufacturers of industrial control and SCADA software in France, Germany and Russia with remote access trojans.

Last year, Trend Micro researcher Kyle Wilhoit proved hackers' interest in industrial systems with a SCADA honeypot that was attacked within 18 hours of being established on the public internet.

Vendors have pushed out patches for various industrial control systems throughout the year. However, configurations and dependencies could make patching difficult to near impossible for some operators. ®
