A report released this week from Germany’s Federal Office for Information Security said that a German steel manufacturing plant was severely damaged by a cyber-physical attack this year.
The incident was mentioned in an annual report by the Bundesamt für Sicherheit in der Informationstechnik (or BSI), which provided a summary of cyber security issues and incidents affecting Germany. According to the report, a German steel manufacturing facility was the victim of a “targeted attack” that the report labeled an “APT” or “advanced persistent threat” style attack.
[Read more Security Ledger coverage of APT-style attacks.]
The attackers used a sophisticated spear-phishing e-mail and social engineering to get access to the office network at the steelworks, the report claims. “From there, they worked successively to production networks.” The malicious code disrupted the function of control system components that led to a blast furnace not being able to be turned off in a regulated fashion. “The result (was) massive damage to the system,” the report reads.
The attackers behind the incident displayed both hacking prowess and an in-depth knowledge of the steelwork’s IT network. More concerning, the attackers displayed “detailed knowledge on applied industrial control and production processes,” the report said.
Cyber-physical attacks, which involve software being used to inflict physical damage, are rare. However, they are a growing concern as more pieces of critical infrastructure become connected – directly or indirectly- to IP-based networks and the public Internet.
Stuxnet, the malicious software that was used to disrupt Iran’s Uranium enrichment operations, was widely considered the first “cyber physical” attack. However, in recent weeks, reports have surfaced of an earlier attack, on a gas pipeline in Turkey, that may predate Stuxnet.