Published November 04, 2015
The US Department of Homeland Security identified a series of cyber attacks targeting natural gas companies in recent months, raising a red flag over potential threats to the nation's infrastructure.
The agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in its latest monthly report that it uncovered "an active series of cyber intrusions targeting natural gas pipeline sector companies."
It was not immediately clear whether the attacks were aimed at the actual pipeline network or the broader companies operating in the sector.
ICS-CERT said that an alert was issued to natural gas companies to "ensure broad distribution to asset owners and operators," adding that officials were working with the sector to confirm the security compromise and determine the extent of "infection."
The department did not elaborate on the source of the attack but said it would continue to issue updates as new information is uncovered. The agency also said it is working with the FBI and other federal officials on the investigation.
According to a Tuesday news release from Natural Gas Intelligence (NGI), the attackers used so-called "spear-phishing" techniques, which employ Facebook and other sources to gather information about employees and send emails from alleged coworkers in order to trick them into revealing information or clicking on infected links.
"Analysis of the malware [malicious software] and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign. The campaign appears to have started in late December 2011 and is active today," according to an ICS-CERT statement cited by NGI.
The discovery comes as US officials scramble to improve security of the nation's vulnerable computer networks. Late last month, the Obama administration threatened to veto a controversial cyber security bill recently approved by the House of Representatives.
The Cyber Intelligence Sharing and Protection Act, known as CISPA, intends to defend US industries and corporate networks against the threat of cyber attacks. But critics say it encroaches on civil liberties by allowing internet companies to share information about what their customers do online with the IRS, Department of Homeland Security and the National Security Agency.