China compromised US pipelines in 10-year-old cyberattack, says US




WASHINGTON – Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed on Tuesday, while also issuing groundbreaking cybersecurity requirements for the pipeline industry.

The release of previously classified information about China’s aggressive hacking campaign, though dated, underscored the seriousness of foreign cyber threats to the country’s infrastructure, current and former officials said. In some cases, hackers had the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, although they do not appear to have done so.

Previously, senior administration officials warned that China, Russia and others were capable of such computer intrusions. But rarely has so much information been published about a specific and apparently successful campaign.

Between 2011 and 2013, Chinese state-sponsored hackers targeted nearly two dozen US oil and natural gas pipeline operators with the specific purpose of “endangering US pipeline infrastructure,” said the alert from the Federal Bureau of Investigation and the Department of Homeland Security.

Of the known targets, 13 were successfully compromised and another eight suffered an “unknown depth of intrusion,” which officials were unable to fully assess because the victims did not have complete computer log data, according to the alert. Three other targets were described as “near misses” to the Chinese campaign, which relied heavily on spear phishing attacks.

“This activity was ultimately intended to help China develop cyberattack capabilities against US pipelines to physically damage pipelines or disrupt pipeline operations,” the alert said. It added that the Chinese appeared to be carrying out the attack as part of an overall goal of gaining “strategic access” to industrial control systems for “future operations rather than the theft of intellectual property.”

The FBI and DHS said they were first informed of several targeted attacks on oil and gas companies in April 2012 and provided remediation services to known victims affected in 2012 and 2013.


Dan Coats, who served as director of national intelligence under former President Donald Trump, issued a public warning in January 2019 that China was capable of launching cyber attacks that could disable critical US infrastructure “like disruption of a pipeline for days or even weeks.” Mr. Coats’ testimony referred at least in part to the hacking campaign more fully detailed in Tuesday’s alert, a person familiar with the matter said.

On Monday, the Biden administration publicly blamed hackers affiliated with China’s main intelligence service for a large-scale cyberattack on Microsoft Corp. messaging software this year, as part of a global effort by dozens of countries to condemn Beijing’s malicious cyber activity. The public shaming, however, did not include punitive measures, such as sanctions or diplomatic expulsions by the United States.

Chinese officials said the US findings detailed on Monday were “baseless attacks.” Chinese officials did not immediately respond to a request for comment on US allegations of pipeline intrusions.

The latest details of China’s hacking operations arrived on Tuesday as the Biden administration separately released new cybersecurity requirements for U.S. pipeline operators aimed at guarding against ransomware and other forms of disruptive hacking. The requirements were announced months after a Russia-based criminal hacking group forced a major fuel pipeline on the East Coast to shut down for nearly a week.

The Transportation Security Administration directive is the first of its kind to require certain pipeline operators designated by the federal government as essential to adopt specific cybersecurity standards. It follows an earlier TSA directive in May that required pipelines to notify federal authorities when they are the target or victims of cyber attacks.

“The lives and livelihoods of the American people depend on our collective ability to protect our nation’s critical infrastructure against evolving threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement. “With this security directive, DHS can better ensure that the pipeline industry takes the necessary steps to protect its operations from growing cyber threats and better protect our national and economic security.”

The directive is the latest sign that the Biden administration intends to involve itself in pipeline security more directly than the Trump, Obama and Bush administrations, which deferred to the pipeline industry’s desire to avoid regulations on physical security and cybersecurity and instead fostered a more collaborative approach.

Officials in the Biden administration did not make the text of the directive immediately available. In a statement, DHS said it would require TSA-designated owners and operators of critical pipelines to “implement specific mitigation measures to protect against ransomware attacks and other known threats” and to plan for recovery.

The cybersecurity of critical infrastructure has become a concern for officials in the Biden administration following the Colonial Pipeline ransomware attack in May, which was followed by a rapid series of other high-profile ransomware episodes linked to criminal groups in Russia, including one that briefly disrupted a meat processing business.

U.S. intelligence officials have for years warned of the risk that a foreign adversary could endanger national or economic security with a destructive cyberattack on banks, hospitals or the energy industry. In 2018, for example, the Trump administration accused the Russian government of years of cyber attacks targeting US energy infrastructure, including nuclear and water facilities, which in some cases led to remote access to some compromised computer networks.

China’s decade-old campaign against pipelines appears to be one of the most successful such operations ever. Tuesday’s alert said Chinese hackers stole documents from victims, including passwords and system manuals, and compromised so-called jump points between corporate networks and operational networks that control pipelines.

“All of this information would allow actors to access the networks (industrial control system) via several channels and would provide sufficient access to allow them to remotely perform unauthorized operations on the pipeline with physical consequences,” the alert said.


Write to Dustin Volz at [email protected]

Copyright © 2021 Dow Jones & Company, Inc. All rights reserved.
