
Hackers pop German steel mill, wreck furnace

Phishing proves too hot for plant

By Darren Pauli


Talented hackers have caused "serious damage" after breaching a German steel mill and wrecking one of its blast furnaces.

The hack of the unnamed mill, detailed in the annual report of the German Federal Office of Information Security, was pulled off after a victim fell for a phishing email.

Hackers then pivoted to the production network, a feat that should not be possible under best practice, which requires separation between industrial control systems and the public internet.

"The result was that a blast furnace could be shut down," the agency wrote in a report (page 31, in German).

"The attackers were knowledgeable in conventional IT security and had extensive knowledge of applied control and production processes."

The advanced persistent threat hackers specifically targeted industrial plants but their location was not specified.

The attacks likely demonstrated the mill had not employed sufficient separation of internet-facing and critical production networks.

Attacks against industrial control systems were common but public reporting of resulting physical damage was rare.

In June, Finnish malware probers F-Secure reported that a group not considered overly advanced had infected manufacturers of industrial control and SCADA software in France, Germany and Russia with remote access trojans.

Last year, Trend Micro researcher Kyle Wilhoit demonstrated hacker interest in industrial systems through a SCADA honeypot that was attacked within 18 hours of being established on the public internet.

Vendors have pushed out patches for various industrial control systems throughout the year. For some operators, however, configurations and dependencies could make patching difficult to near impossible to complete. ®
