Chinese hackers linked to breach of control systems used in electric grids

Filed Under: Data loss, Malware, Security threats, Vulnerability

electricity_170Attackers breached Telvent's network, the company has informed its customers in a letter. Telvent is the maker of an industrial control system that remotely controls smart grid networks used in portions of the electric grid.

Telvent told its customers that on Sept. 10, it learned that hackers had breached its internal firewall and security systems, implanted malicious software, and stolen project files.

According to KrebsOnSecurity, which first reported the breach, the project files concerned Telvent's OASyS SCADA product, which offers energy firms a bridge between older technology and advanced smart grid technologies.

Telvent, which is owned by Schneider Electric, told customers that the attack spans operations in the US, Canada and Spain.

Experts detected digital fingerprints implicating a Chinese hacking group that has been tied to cyber-espionage campaigns against Western interests.


KrebsOnSecurity cited Joe Stewart, director of malware research at Dell SecureWorks, who said that website and malware names mentioned in a more recent letter from Telvent can be traced to a Chinese hacking team known as the "Comment Group."

That group, often referred to as the Comment group, has been under investigation by US intelligence for years.

Researchers told Bloomberg that during two months of monitoring last year, targeted companies spanned a vast scale as data "bled from one victim to the next":

...from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC)

A loose-knit group of some 30 North American private security researchers tracking the group have called the Comment Group one of the biggest and busiest hacking groups in China.

Bloomberg quoted Shawn Henry, former executive assistant director of the FBI in charge of the agency’s cyber division, who said that typical cybersecurity headlines about data breaches scarcely hint at the scope of the group's activities:

What the general public hears about — stolen credit card numbers, somebody hacked LinkedIn (LNKD) — that’s the tip of the iceberg, the unclassified stuff. … I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.

Evidence indicates that at least 20 organizations have been harvested for data, many of whose secrets could give China a leg up on its path to becoming the world’s largest economy.

Bloomberg cited unnamed security experts who said that the breaches have sprung data leaks in major oil companies, who've lost seismic maps charting oil reserves, while patent law firms have been squeezed for clients' trade secrets and investment banks have been targeted for market analysis regarding global ventures of state-owned companies.

Telvent said that investigations are still under way, but it's taken the precaution of severing data links between clients and the affected portions of its internal networks.

The company also said that it hasn't yet found evidence that the attackers had been able to compromise customers' systems:

Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent.

Telvent gave me this statement:

Telvent is aware of a security breach of its corporate network that has affected some customer files. Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.

Meanwhile, the Obama adminstration and Congress have grown increasingly vocal about Chinese and Russian cyber espionage and attacks, with the White House close to completing the first draft of a cybersecurity executive order designed to bring about stronger cyber security around the nation's water, electrical and transportation systems.

It's a reasonable thing to call for stronger protection around vital infrastructure.

But as Reuters pointed out in a recent report on what one top US cybersecurity official called "reckless" cyber behavior from nation states, the US's right to complain about other nations' cyber warfare might be questionable, given what is by now a widespread belief that the US and Israel were behind Stuxnet.

electricity images courtesy of Shutterstock

, , , , ,

You might like

4 Responses to Chinese hackers linked to breach of control systems used in electric grids

  1. derp · 1072 days ago

    That's a fire sale in progress (but temporarily put on hold) that's unfolding right before our very eyes.

  2. Trent · 1072 days ago

    Stories like these make me think back, to the days before computers were running pretty much everything. Life seemed much simpler.

  3. Bedder · 1071 days ago

    Well done Televent for admitting the breach.
    International treaties are needed to recognise that data and systems integrity are a nation states inalienable right, in the same way as territorial rights. The UN is a failing organisation but we should have some international law on the matter.

  4. Hawks and Doves · 1071 days ago

    Comparing these attacks to Stuxnet is disingenuous at best. Stuxnet was designed and delivered to slow a terrorist supporting, radical, and oppressive regime from processing fissile materials to develop nuclear weapons; A specific bullet for a single target. The recent attacks are to gain unfair advantage over corporations (and nations) that are supposed to be engaged in fair and open trade.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.