China cyberspies suspected in new caper: what has experts worried
A China-based cyberespionage gang is suspected in the hacking of a major industrial control system firm in Canada. Experts warn the theft could facilitate creation of a cyberweapon.
A China-based cyberespionage gang has been linked to the infiltration of networks belonging to Telvent Canada, a major industrial control system company, in a case that some experts warn could facilitate creation of a dangerous cyberweapon.
The cyberspies, thought to be from a gang that security researchers call the "Comment Group" or sometimes the "Shanghai group," slipped past a corporate firewall, installing malicious software on the network – then snatched project files related to one of Telvent's major software products, according to KrebsOnSecurity, a cybersecurity blog that first reported the breach Wednesday.
As cyberespionage hacks that become public go – Google created a furor when it said it had been hacked by Chinese cyber spies in early 2010 and at least some of its vital source code had been stolen – it's been a relatively low-key news event so far.
The Telvent hack became public Wednesday on the cybersecurity blog and was later confirmed by Telvent's parent, Paris-based Schneider Electric.
"Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained," Schneider Electric said. Just this month, Telvent announced a new relationship with Foxboro, Mass.-based Industrial Defender, a control systems security company.
But some cybersecurity professionals are waving a red flag over the Telvent hack. Dale Peterson, CEO of Digital Bond, a leading industrial control systems (ICS) security company in Sunrise, Fla., says the Telvent attack looks much like one fragment of a far larger campaign targeting ICS vendors, whose products run the nation's critical industrial processes: pipelines, refineries, chemical plants, factories, and the electric grid.
Typically, stolen software code might help a perpetrator to leapfrog its competition in the global marketplace. But in the Telvent case the theft could facilitate creation of highly reliable and dangerous cyberweapons, he and other control system experts agree.
The apparent target of the Telvent attack was the firm's OASyS SCADA software program, which is used to operate an array of equipment from gas pipelines to the power grid.