China Compromised More than a Dozen US Pipelines Between 2011 and 2013

'Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry,' reports the Wall Street Journal.

The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation's infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn't appear they did so. Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign.

Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of 'holding U.S. pipeline infrastructure at risk,' the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday's joint alert. Of the known targets, 13 were successfully compromised and an additional eight suffered an 'unknown depth of intrusion,' which officials couldn't fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as 'near misses' of the Chinese campaign, which relied heavily on spear phishing attacks.

Newsweek adds that the same day the U.S. Department of Homeland Security 'announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast.'
In a statement, DHS said it would require operators of federally designated critical pipelines to implement 'specific mitigation measures' to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a 'cybersecurity architecture design review.'

Read more of this story at Slashdot.