Telvent Canada Ltd. recently notified its customers that its internal firewall and security systems were breached.
"Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings -- OASyS SCADA -- a product that helps energy firms mesh older IT assets with more advanced 'smart grid' technologies," writes Krebs on Security's Brian Krebs. "The firm said it was still investigating the incident, but that as a precautionary measure, it had disconnected the usual data links between clients and affected portions of its internal networks."
According to Krebs, the letter sent to customers stated, "Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent."
"The company said it had established 'new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent network and that all virus or malware files have been eliminated,'" writes Wired's Kim Zetter.
"The Telvent attack is worrisome, given the enormous presence the company has within energy companies in North America, said Dale Peterson, CEO of Digital Bond, a consulting company that specializes in control system security," writes Computerworld's Jaikumar Vijayan. "The OASyS project files pertained to a product used to integrate an energy company's backend networks with new smart-grid technology. But if hackers got access to those files, they likely gained access to project files involving other Telvent products used to manage oil and natural gas pipelines, Peterson said."
"According to Dell Secureworks malware researcher Joe Stewart, the digital fingerprints left behind by the attackers point to a Chinese hacking team known as the 'Comment Group,'" writes iTnews' Juha Saarinen. "The 'Comment Group' has been dubbed 'Byzantine Candour' by US intelligence for its use of HTML comments. It is thought to be connected to China's People's Liberation Army."