Biden admin reveals China compromised 13 US pipeline companies in cyber attacks from 2011 to 2013
The Biden administration has confirmed that ‘state-sponsored Chinese actors’ compromised 13 US pipeline companies as part of a ‘spearphishing and intrusion campaign’ from 2011 to 2013.
The coordinated cyber attack targeted 23 pipeline companies in total, according to a report coauthored by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
Just three of the remaining companies were detected to be safe thanks to ‘near misses,’ while eight had an ‘unknown depth of intrusion.’
The attacks began in December 2011 and lasted through at least February 2012, when employees of the targeted oil and gas companies received fake emails containing malicious files.
These emails were ‘constructed with a high level of sophistication,’ authorities report.
The Biden administration confirmed on Tuesday that 23 pipeline companies were targeted and 13 were successfully compromised by ‘state-sponsored Chinese actors’
One company told authorities that personnel in their engineering department were contacted by phone multiple times and asked about their network security systems, by someone who identified themselves as a security firm employee conducting a nationwide survey about cybersecurity practices.
However, the caller ID had been blocked and efforts to return the call discovered a number that was not in service.
Chinese actors gained access to personnel lists, usernames, passwords and phone numbers through the attack.
Intel agencies named dial-up modems, which have been increasingly outdated with the use of broadband and are a relatively simple and cheap way to get internet access, as easy targets with ‘little or no security and no monitoring’ and were used as access points for hackers.
Dial-up modems are still commonly used within the energy sector.
‘These intrusions were likely intended to gain strategic access to the ICS networks for future operations rather than for intellectual property theft,’ intelligence officials write.
But the state-sponsored actors ‘made no attempts to modify the pipeline operations of systems they accessed.’
The report was co-authored by the Federal Bureau of Investigations (DC headquarters pictured here) and the Cybersecurity and Infrastructure Security Agency
China has previously denied being responsible for a massive hack of Microsoft servers after it was accused in a rare joint statement by the US, UK, EU, Australia, NATO and others.
Chinese diplomats branded the allegation ‘groundless and irresponsible’ on Tuesday while dubbing Washington ‘the world champion of malicious cyber attacks’.
America made the allegations after a hack of Microsoft Exchange servers in January that affected some 30,000 organizations worldwide including defense contractors and think-tanks.
Joe Biden compared the hack to attacks emanating from Russia, saying that Beijing may not be directly responsible but is protecting those who are.
He added that US intelligence is carrying out an investigation into the hack, which affected at least 30,000 businesses, and may take action once it is completed.
China has denied being responsible for a massive hack of Microsoft servers earlier this year that affected at least 30,000 organizations worldwide (file image)
US Secretary of State Antony Blinken said the attack on Microsoft Exchange, a top email server for corporations around the world, was part of a ‘pattern of irresponsible, disruptive and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.’
China’s Ministry of State Security, or MSS, ‘has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,’ Blinken said in a statement.
In a simultaneous announcement, the US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies between 2011 and 2018.
The statement also singled out a hack of Microsoft Exchange servers that began in January this year and affected at least 30,000 organizations worldwide.
A group known as Hafnium is believed to have identified a weakness in the servers in January, and begun inserting ‘backdoors’ into systems using them which they could return to later, the BBC reported.
The operation targeted defense contractors, think tanks and universities, and appears to have initially been aimed at surveillance and covert data-gathering.
But in February the operation massively expanded into a ‘smash and grab’ raid on the servers after several other hacking groups piled in.
It is thought Hafnium became aware that Microsoft had identified the vulnerability they were exploiting and planned to close it, prompting them to share its existence and causing the pile-on.
Pointing to the indictment, Blinken said the United States ‘will impose consequences on (Chinese) malicious cyber actors for their irresponsible behavior in cyberspace.’
In a step the Biden administration hailed as unprecedented, the United States coordinated its statement Monday with allies – the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO.
The Chinese embassy in New Zealand issued a swift rebuttal of the ‘totally groundless and irresponsible’ allegations.
It was backed up by the embassy in Australia, as China took a coordinated stance of its own, accusing Canberra of ‘parroting the rhetoric of the US.’
‘It is well known that the US has engaged in unscrupulous, massive and indiscriminate eavesdropping on many countries including its allies,’ the embassy said in a statement.
‘It is the world champion of malicious cyber attacks.’
Biden, like his predecessor Donald Trump, has ramped up pressure on China, seeing the rising Asian power’s increasingly assertive moves at home and abroad as the main long-term threat to the United States.
Allies backed up the castigation of China with British Foreign Secretary Dominic Raab describing the cyberattack as ‘reckless.’
NATO offered ‘solidarity’ over the Microsoft hacking without directly assigning blame, while noting that allies United States, Britain and Canada found China to be responsible.
State Department spokesman Ned Price said it was the first time NATO – the military alliance whose members include Hungary and Turkey, which have comparatively cordial relations with Beijing – has condemned cyber activity from China.
The Microsoft hack was carried out by the Hafnium group which used a vulnerability in servers to spy on organisations, before a mass pile-on when details of the ‘back door’ were shared
It comes weeks after NATO took up China at a summit attended by Biden.
‘We know we’ll be stronger, we know we’ll be more effective when we act collectively,’ Price said, saying the United States was not ruling out further action.
Biden has promised a strategy driven by alliances to face Beijing, drawing a contrast with Trump’s predilection for harsh rhetoric.
Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, praised the ‘breadth and depth of international cooperation’ in clearly attributing responsibility to China.
‘In addition to the indictments, we need to follow through to ensure there are consequences to induce changes in the Chinese government’s behavior and hopefully move toward leveling the cyber playing field,’ he said.
The Microsoft hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organizations including local governments as well as organizations worldwide.
‘Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them,’ Blinken said in his statement.
‘These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll.’
Accusations of cyberattacks against the United States have recently focused on Russia, rather than China.
US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility.
This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.
Last week, Washington offered $10 million for information about foreign online extortionists.