Hackers pop German steel mill, wreck furnace
Phishing proves too hot for plant
Posted in Security, 22nd December 2014 08:29 GMT
Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.
The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email.
Hackers then pivoted to the production network, a feat that should not be possible according to best practice that requires separation between industrial control systems and the public internet.
"The result was that a blast furnace could be shut down," the agency wrote in a report (page 31, Deutsche).
"The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes."
The advanced persistent threat hackers specifically targeted industrial plants but their location was not specified.
The attacks likely demonstrated the mill had not employed sufficient separation of internet-facing and critical production networks.
Attacks against industrial control systems were common but public reporting of resulting physical damage was rare.
In June, Finnish malware probers F-Secure reported that remote access trojans had infected manufacturers of industrial control and SCADA software in France, Germany and Russia by a group that was not considered overly advanced.
Last year, Trend Micro researcher Kyle Wihoit proved the hacker interest in industrial systems through a SCADA honeypot that was attacked within 18 hours of being established on the public internet.
Vendors have throughout the year pushed out patches for various industrial control systems. Patching however could due to configurations and dependencies be difficult to near impossible to complete for some operators. ®