Cyber attack on German steel factory caused severe damage

The annual IT security report issued by the German BSI reported that a sophisticated cyber attack on a steel factory caused severe damage.

A cyber attack could cause serious damage to a production plant or a facility, we discussed several times this attack scenario that represents a nightmare for security experts and Intelligence agencies. The news of the day is that a German steel factory suffered massive damage caused by a cyber attack on its network. According to the German Government, unknown hackers have infiltrated the production networks gaining the control of a blast furnace, as reported in the annual IT security report.

The attack started with a spear phishing email that was sent by attackers to the factory’s office networks, the threat actor once obtained the access to internal system moved its activity to production networks that was compromised too.

Once accessed the production networks the systems were compromised by the attackers and the report states that single components inside the plant started to fail frequently showing several anomalies.

The continuous failures observed by the internal staff caused a serious anomaly to one of the plant’s blast furnaces, the expert report that it was impossible to shut down it in a controlled manner.

The cyber attack on the system controlling the blast furnaces resulted in “massive damage to plant,” as explained in the document issued by the BSI. The experts consider the attack very sophisticated, the document describes the technical skills of the attacker as “very advanced.”

The cyber attack is considered  by experts sophisticated because the attackers have shown a deep knowledge of a variety of different industrial components that were hacked in the incursion.

The cyber attack recalled in the minds of the experts the events that occurred in the case Stuxnet, when the virus compromised the centrifuges in the Iranian nuclear plant of Natanz.

Cyber weapons are a reality and other cyber attacks could cause serious damage in the next future.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  Cyber weapon, cyber attack)