The Biden administration has disclosed new details about Chinese cyber-attacks on US critical infrastructure that began nearly a decade ago, as part of an ongoing effort by the US and its allies to document the scale of China's malicious cyber activity against the US and other foreign targets.
Between December 2011 and 2013, China-sponsored attackers targeted US oil and gas companies to develop the capabilities needed to disrupt and damage US oil pipelines, according to an advisory released Tuesday by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). The federal government said it had previously notified victims and others about the intrusions in 2012, but did not release the full details until this week.
“CISA and the FBI have identified and monitored a total of 23 U.S. natural gas pipeline operators targeted in this spearphishing and intrusion campaign in 2011-2013,” the FBI and CISA warned. “Of the known targeted entities, 13 were confirmed compromises, three were near misses, and eight had an unknown depth of intrusion.”
Spearphishing is a targeted scam that uses electronic communication, usually e-mail, to gain unauthorized access or to trick a specific person into sharing information.
The new details of the alleged Chinese attacks offer a broader picture of Beijing's goals in cyberspace, from private companies to government institutions, and suggest that Russian hackers are not the only ones behind attacks on US critical infrastructure.
While the US government pointed to Russian attackers as responsible for the ransomware attack on a major US fuel supplier, Colonial Pipeline, earlier this year, the details of the alleged Chinese targeting suggest that the pipeline industry is under attack from several different directions.
The government's disclosure of the decade-old Chinese campaign was released alongside another federal directive urging pipeline companies to take cyber security seriously. The “Security Directive” issued on Tuesday by the Transportation Security Administration (TSA) ordered the operators of critical pipelines designated by the government to “implement specific mitigation measures” to protect against ransomware attacks.
The TSA had previously issued a security directive for the pipeline industry in May, and the agency did not provide details in Tuesday's announcement of the new cyber security measures it had ordered.
The report on China's cyber attacks on US pipelines was not part of the coordinated global publicity campaign in which the United States and its allies in Asia and Europe accused China of hacking Microsoft Exchange servers, which affected tens of thousands of computers, and of other malicious cyber activity, including ransomware attacks.
Microsoft first publicly disclosed the Microsoft Exchange Server hack in March 2021 in a statement saying it had “high confidence” that the attacker was a state-sponsored group operating from China.
When the federal government officially blamed China more than three months later, a senior Biden administration official said the timing of Monday's announcement stemmed from a desire for allies to join the campaign as a warning to Beijing. The official also pointed to the US federal government's insistence on having “high confidence” in its own claims, and to its wish to share information about the alleged Chinese hacking.
In a statement posted on Twitter, Chinese Foreign Ministry spokesman Zhao Lijian dismissed the accusations by the US government and its allies as “baseless allegations.”
The FBI and CISA advisory released on Tuesday provided an extensive breakdown of China's alleged cyber attacks on US gas pipelines, including indicators of compromise and other technical information describing the attackers' tactics and techniques.