Hackers pop German steel mill, wreck furnace

Phishing proves too hot for plant

By Darren Pauli

Posted in Security, 22nd December 2014 08:29 GMT

Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.

The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email.

Hackers then pivoted to the production network, a feat that should not be possible under best practice, which requires separation between industrial control systems and the public internet.

"The result was that a blast furnace could be shut down," the agency wrote in a report (page 31, in German).

"The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes."

The advanced persistent threat hackers specifically targeted industrial plants but their location was not specified.

The attacks likely demonstrated the mill had not employed sufficient separation of internet-facing and critical production networks.

Attacks against industrial control systems were common but public reporting of resulting physical damage was rare.

In June, Finnish malware probers F-Secure reported that a group not considered overly advanced had infected manufacturers of industrial control and SCADA software in France, Germany and Russia with remote access trojans.

Last year, Trend Micro researcher Kyle Wilhoit proved the hacker interest in industrial systems through a SCADA honeypot that was attacked within 18 hours of being established on the public internet.

Vendors have throughout the year pushed out patches for various industrial control systems. Patching, however, could be difficult to near impossible for some operators to complete because of configurations and dependencies. ®
