Cyberattack Inflicts Massive Damage on German Steel Factory

 

A cyber attack on a German steelworks caused severe physical damage to the facility, according to government report.
A cyber attack on a German steelworks caused severe physical damage to the facility, according to government report.

A report released this week from Germany’s Federal Office for Information Security said that a German steel manufacturing plant was severely damaged by a cyber-physical attack this year.

The incident was mentioned in an annual report by the Bundesamt für Sicherheit in der Informationstechnik (or BSI), which provided a summary of cyber security issues and incidents affecting Germany. According to the report, a German steel manufacturing facility was the victim of a “targeted attack” that the report labeled an “APT” or “advanced persistent threat” style attack. 

[Read more Security Ledger coverage of APT-style attacks.]

The attackers used a sophisticated spear-phishing e-mail and social engineering to get access to the office network at the steelworks, the report claims. “From there, they worked successively to production networks.” The malicious code disrupted the function of control system components that led to a blast furnace not being able to be turned off in a regulated fashion. “The result (was) massive damage to the system,” the report reads.

The attackers behind the incident displayed both hacking prowess and an in-depth knowledge of  the steelwork’s IT network. More concerning, the attackers displayed “detailed knowledge on applied industrial control and production processes,” the report said.

Cyber-physical attacks, which involve software being used to inflict physical damage, are rare. However, they are a growing concern as more pieces of critical infrastructure become connected – directly or indirectly- to IP-based networks and the public Internet.

Stuxnet, the malicious software that was used to disrupt Iran’s Uranium enrichment operations, was widely considered the first “cyber physical” attack. However, in recent weeks, reports have surfaced of an earlier attack, on a gas pipeline in Turkey, that may predate Stuxnet.

Read more via Cyberattack on German steel factory causes ‘massive damage’ | ITworld.

2 Comments

  1. Pingback: Cyberattack Inflicts Massive Damage on German Steel Factory | InfoWar.com

  2. Ï am not sure if the following is correct??

    “”However, in recent weeks, reports have surfaced of an earlier attack, on a gas pipeline in Turkey, that may predate Stuxnet.””

    If I am not mistaken, the early attack was on a soviet pipeline in Siberia or eastern Russia; when they build the pipeline the soviets used pirated Canadian control program; some how they have missed the time bomb incorporated into the software; The open source material claimed it was the largest non-nuclear man made explosion ever; I suspect one may find it on the internet further details; or also it was referenced at one of Cyber War books …