Foreign actors probe systems of oil, gas operations, say cybersecurity researchers

Cybersecurity researchers say both Russia and China have sponsored hacking groups, often recruited from the cyber-underworld, to probe industrial control systems in the United States and Europe.

In 2011, an investigation by the security firm McAfee found that hackers allegedly linked to China infiltrated control networks of global oil and petrochemical companies in the United States and Europe in a two-year campaign designed to steal secrets about oil exploration, bidding, and production systems.

In 2013 and 2014, hackers allegedly linked to Russia tried to steal confidential information from oil and gas pipeline companies, power grid operators and other energy companies in the United States and Europe in a multiyear campaign dubbed Energetic Bear by Kaspersky Lab and Dragonfly by Symantec, the security firms that investigated the attacks.

The hackers sent emails with infected attachments to targeted executives and embedded malware in software updates for control systems that energy companies could download. Kaspersky Lab said the campaign targeted more than 2,800 organizations, including more than 500 in the United States, across several industries.

Symantec said the hacking group, focused on the energy sector, stole credentials workers used to access computers, and extracted data that allowed them to learn more about how industrial networks and operating systems were set up. This effort, it seems, was aimed at setting up ways to breach key points of energy infrastructure later, in case the group wanted to sabotage them in the future, said Eric Chien, a Symantec engineer.

Complicating the matter, most oil companies lack the technology and personnel to continually monitor industrial control systems for anomalous activity, federal cybersecurity officials and private security specialists said in interviews with the Houston Chronicle. In a report last year, Homeland Security said one of the glaring security flaws it found in industrial facilities was the lack of an ability to detect malicious activity on control systems.