The New York Times and the Washington Post are reporting that federal officials and the Department of Homeland Security have warned that they have uncovered a continuing series of attacks that appear to be probes exploring how to take over critical administrative control systems at around 10 major energy giants. One probe was involved in “chemical processes.”
The officials are concerned about “increasing hostility” against “U.S. critical infrastructure organizations,” according to the warning obtained by the Washington Post. The statement was released by DHS and ICS-CERT via a secure channel accessible only to authorized industry and government users.
“We are concerned by these intrusions, and we are trying to make sure they don’t lead to something much bigger, as they did in the Saudi [Aramco] case,” one senior American official told the Times.
In that instance, Saudi Aramco, the national energy company of Saudi Arabia and one of the largest oil producers in the world, saw its network taken down after a virus compromised security for about 75% of its terminals (30,000 workstations). The Shamoon virus was found to be behind that effort, deployed by Iran, officials believe.
DHS officials are reportedly surprised by the level of penetration into corporate systems that they have uncovered, and began an information-sharing initiative with the targets last week, saying that they believed the threat actors to be after a Stuxnet-style sabotage effort.
“Adversary intent extends beyond intellectual property theft to include the use of cyber to disrupt…control processes,” the ICS-CERT/DHS warning concluded.
Stuxnet was a virus used by the US and Israel to dismantle Iranian nuclear facilities. That attack became widely publicized last year, which could be leading to retaliatory efforts. Officials said, however, that they were still hunting for the specific author of the current probing efforts.