Physical damage

Sophisticated cyberattack damaged German steel plant, report says

Skilled hackers caused serious damage at a German steel mill sometime during this year, according an annual security roundup issued Wednesday by the country’s Federal Office for Information Security (BSI).

According to the report, the previously undisclosed attack caused “massive damage” to a blast furnace by targeting internal systems and industrial components, making it impossible to shut down the furnace in a regulated way.

The BSI said the attackers displayed “very advanced” capabilities, and that they used a “sophisticated spear phishing” technique to gain access to the core networks of the plant.

Spear phishing involves targeting specific individuals within an organization, by investigating them in order to figure out how best to dupe them into clicking some link they shouldn’t – British spy agency GCHQ reportedly did it in order to hack into Belgacom’s systems, for example. This is fairly textbook stuff, but once the attackers were in, they also knew their way around industrial control systems, the BSI indicated.

The most famous attack on industrial control systems remains Stuxnet, the nasty worm that the U.S. and Israel created to attack various Iranian facilities, most notably the Natanz uranium enrichment plant. Stuxnet destroyed hundreds of the Iranians’ centrifuges by making them spin out of control.

The BSI’s report didn’t say which steelworks were targeted this year, nor precisely when the attack took place.

3 Responses to “Sophisticated cyberattack damaged German steel plant, report says”

  1. It’s interesting a steel plant would be attacked and damaged though. If they were that sophisticated then you have to consider their intent was to damage the plant.
    A steel plant doens’t seem like an active target for a foreign power in peace time. So that makes one wonder if corprate espionage has come to a new realm of actively attacking competitors. Or possibly stock market manipulation was the goal.
    One thing I would guess though is that somebody or some compnay made profit from this and were behind the attack to that end.

      • Mr. Poopy

        Well aside from target practice, it’s not just for war, it’s for economic gain and manipulation. If you have this capability, you can extort money from organizations and people for “protection” and if it’s a publicly traded company, you can bring down production and make a killing shorting shares of the company on the stock exchange (Bond villain schemes).