Cyberattack on German steel factory causes 'massive damage'

A German steel factory suffered massive damage after hackers managed to access production networks, allowing them to tamper with the controls of a blast furnace, the government said in its annual IT security report.

The report, published Wednesday by the Federal Office for Information Security (BSI), revealed one of the rare instances in which a digital attack actually caused physical damage.

The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.

Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”

The attack involved the compromise of a variety of different internal systems and industrial components, BSI said, noting that not only was there evidence of a strong knowledge of IT security but also extended know-how of the industrial control and production process.

The hack sounds similar to attacks involving the Stuxnet worm. Considered the first known cyberweapon, Stuxnet is believed to have been created by the U.S. and Israel to attack Iran’s nuclear program. Discovered in 2010, the worm has espionage and sabotage functionalities that were used to destroy up to 1,000 uranium enrichment centrifuges at a nuclear plant near the city of Natanz in Iran.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Related:
Download the CIO Nov/Dec 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.