The Christian Science Monitor's Mark Clayton reports that the U.S. Department of Homeland Security has issued confidential alerts stating that a "major cyber attack" is currently hitting computer networks at natural gas pipeline companies in the United States.
"At least three confidential 'amber' alerts -- the second most sensitive next to 'red' -- were issued by DHS beginning March 29, all warning of a 'gas pipeline sector cyber intrusion campaign' against multiple pipeline companies," Clayton writes. "But the wave of cyber attacks, which apparently began four months ago -- and may also affect Canadian natural gas pipeline companies -- is continuing."
According to Clayton, the amber alerts included an unusual level of detail, including file names, IP addresses and other information that companies could use to determine whether their own networks had been breached.
The alerts also asked companies not to take action against the attacks, but to allow the attacks to persist as long as the company's operations weren't endangered.
While the alerts don't indicate that any pipeline operations have been affected at this point, Clayton notes that a breach of a company's corporate system could provide an attacker with access to industrial control systems. "Those systems, if infiltrated, could allow hackers to manipulate pressure and other control system settings, potentially reaping explosions or other dangerous conditions," he writes.
In a recently released monthly report [PDF file], the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) confirmed the attacks, stating, "ICS-CERT is currently engaged with multiple organizations to identify the scope of infection and provide recommendations for mitigating it and eradicating it from networks."
The ICS-CERT report describes the attacks as a spear-phishing campaign that appears to have been launched in December of last year, targeting a tightly focused list of people within each organization with "convincingly crafted" e-mails that appear to be sent from trusted colleagues.