US adds oil and gas targets to its claims of cyberattacks by China
- Homeland Security and FBI report says 23 operators were subjected to ‘sophisticated’ spear-phishing campaigns a decade ago
- Chinese foreign ministry spokesman Zhao Lijian refutes report, saying it ‘confuses right from wrong’
The report found 23 natural gas pipeline operators were subjected to specifically targeted spear-phishing and intrusion campaigns from 2011, with 13 confirmed compromises and three near-misses.
The Joint Cybersecurity Advisory report – co-authored by CISA and the FBI – said the ultimate intention of the campaigns was to help China develop cyberattack capabilities against US pipelines to physically damage them or disrupt operations.
According to the alert, “Chinese actors” started sending spear-phishing emails to employees of oil and natural gas organisations from late December 2011 to at least February 29, 2012. The emails were constructed with a high level of sophistication to convince the targets to view malicious files, it added.
CISA and the FBI said they started their investigation in April 2012 after receiving reports of targeted attacks at multiple pipelines sites and urged owners and operators of energy and other critical infrastructure networks to adopt a heightened cybersecurity defensive system.
Chinese foreign ministry spokesman Zhao Lijian denied the accusations and said the report had confused “right and wrong” and reflected Washington’s trick of “thief crying stop thief”.
