IN-DEPTH: Chinese Hackers Breached 13 US Gas Pipeline Operators in Two Years

The US and China are constantly at loggerheads over various issues including cybersecurity. In the latest development, the US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that Chinese state-sponsored hackers successfully breached 13 US natural gas pipeline operators from 2011 through 2013.

It announced that the Chinese-backed hackers targeted, and in many instances breached, nearly two dozen companies that operate such pipelines.

13 were Confirmed Compromises, 3 were Near Misses, and 8 Had an Unknown Depth of Intrusion

Of 23 operators of natural gas pipelines that were subjected to a type of email fraud known as spear phishing, 13 were successfully compromised, while three were "near misses." The extent of intrusions into seven operators was unknown because of a lack of data.

The security agency said the US federal government had specifically attributed the attacks to state-sponsored forces backed by the Chinese government. "The US government has attributed this activity to Chinese state-sponsored actors. CISA and the FBI assess that these actors were specifically targeting US pipeline infrastructure for the purpose of holding US pipeline infrastructure at risk," the advisory said.

According to US security agencies, the main purpose of these attacks was to help China develop cyberattack capabilities against US pipelines, in order to physically damage pipelines or disrupt pipeline operations.

The Latest Hacking Allegations Come as Biden Administration Unveils New Cybersecurity Rules for Pipeline Operators

The Department of Homeland Security on Tuesday announced new requirements for US pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast, reported AP.

In a statement, DHS said it would require operators of federally designated critical pipelines to implement "specific mitigation measures" to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a "cybersecurity architecture design review."

Chinese Hackers Stole Documents from Victims, Including Passwords and System Manuals

The FBI and DHS said they first became aware of multiple targeted attacks on oil-and-gas companies in April 2012 and provided remediation services to known affected victims in 2012 and 2013, reported the Wall Street Journal. The decade-old Chinese campaign against pipelines appears to be one of the most successful operations ever mounted.

Tuesday's alert said the Chinese hackers stole documents from victims, including passwords and system manuals, and compromised so-called jump points between corporate networks and operational networks that control pipelines.

For the First Time, NATO Condemns China's Cyber Activities

The United States and its foreign allies on Monday accused China of overseeing widespread attempts to extort money in cyberspace. US security agencies had issued a new advisory about a major threat to the cyberspace assets of the United States and its allies from Chinese state-sponsored cyber activities, including ransomware attacks.

An unprecedented group of US allies and partners, including the EU, the UK, Australia, Canada, New Zealand, Japan, and NATO, joined in exposing and criticising China's Ministry of State Security's malicious cyber activities. This is the first time NATO has condemned China's cyber activities.

In a coordinated announcement, a Joint Cybersecurity Advisory (CSA) issued on Monday states that state-backed cyber actors aggressively target political, economic, military, educational, and critical infrastructure (CI) to steal sensitive data, and emerging key technologies, intellectual property, and personally identifiable information (PII).

Meanwhile, China had denied accusations that actors linked to its government were behind the Microsoft Exchange hack and other "malicious cyber activities."
