SCADA WATCH —

Hack attack on energy giant highlights threat to critical infrastructure

Hackers penetrated the internal defenses of a firm whose software remotely monitors and controls energy equipment.

A provider of software that helps large swaths of the energy industry remotely monitor and control sensitive equipment is investigating a sophisticated hacker attack that managed to penetrate its internal defenses, according to a published report.

The malware installed on systems operated by Telvent Canada Ltd. carried signatures that strongly suggest the attack involved a Chinese hacker group known as the "Comment Group," KrebsOnSecurity reporter Brian Krebs wrote in an article published on Wednesday. Over the past few years, the group has targeted a variety of Fortune 500 companies, presumably to obtain blueprints, software source code, and other intellectual property that would allow Chinese industries to catch up to their Western counterparts.

In a series of letters sent to customers over the past week, Telvent Canada officials warned that the company's internal firewall and security systems were breached and malware was installed. Files related to one of its core offerings—a product known as OASyS SCADA, which helps energy firms "mesh older IT assets with more advanced 'smart grid' technologies"—were also taken during the intrusion, according to Krebs.

"In order to be able to continue to provide remote support services to our customers in a secure manner, we have established new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent networks and that all virus or malware files have been eliminated," a September 10 letter obtained by Krebs said. "Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent."

The intrusion underscores the vulnerability of industrial control systems, which use networked computers to flip switches, open valves, and manipulate other physical equipment in dams, gasoline refineries, and other critical infrastructure. Security experts have long exhorted companies to keep SCADA (supervisory control and data acquisition) and similar systems separate from the Internet and other public networks. In practice, the ability to manage equipment that often sits in remote, hard-to-reach locations over a network is widely viewed as a cost saving that outweighs the risk, which is why vendors such as Telvent hold remote-support connections into customer environments in the first place.
