State-sponsored Chinese cyber actors were behind attacks targeting dozens of US oil and natural gas pipeline companies a decade ago, according to an investigative report released by President Joe Biden’s administration.

The report found 23 natural gas pipeline operators were subjected to specifically targeted spear-phishing and intrusion campaigns from 2011, with 13 confirmed compromises and three near-misses.

Seven experienced an unknown level of intrusion, according to an alert issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

The Joint Cybersecurity Advisory report – co-authored by CISA and the FBI – said the ultimate intention of the campaigns was to help China develop cyberattack capabilities against US pipelines to physically damage them or disrupt operations.

According to the alert, “Chinese actors” started sending spear-phishing emails to employees of oil and natural gas organisations from late December 2011 to at least February 29, 2012. The emails were constructed with a high level of sophistication to convince the targets to view malicious files, it added.

CISA and the FBI said they started their investigation in April 2012 after receiving reports of targeted attacks at multiple pipelines sites and urged owners and operators of energy and other critical infrastructure networks to adopt a heightened cybersecurity defensive system.

Chinese foreign ministry spokesman Zhao Lijian denied the accusations and said the report had confused “right and wrong” and reflected Washington’s trick of “thief crying stop thief”.
“China firmly opposes and fights against all forms of cyberattacks,” Zhao said. “The US is the largest source of cyberattacks targeting China. Data in 2020 showed 53 per cent of the 42 million malicious cyber activities came from the US.”

Cybersecurity has become another front in the ongoing confrontations between the US and China, with both sides accusing each other of targeting sensitive industries around the world.

The CISA alert was issued just one day after the US, Britain, the EU and Nato accused China’s state security ministry of working with cyber actors to launch a massive hack of the Microsoft Exchange email server. Australia and New Zealand have also joined the coalition of accusers.

The Microsoft attack was discovered earlier this year and compromised “thousands of computers and networks that mostly belonging to private sector victims”, according to the US State Department.

It was the latest in a growing list of cyber espionage operations the US government claims are tied to China’s state security apparatus, including a scheme allegedly aimed at netting information on Covid-19 vaccines, military weapons and human rights activists. Two Chinese nationals were indicted last year in relation to the scheme.

Source: South China Morning Post 

BDST: 2034 HRS, JUL 25, 2021
SMS