Chinese hackers steal files from SCADA maker

Powered by SC Magazine

Military connection suspected.

Chinese attackers haved allegedly hacked and stolen data from the systems of global energy equipment supplier Telvent.

The company, part of French conglomerate Schneider Electric, alerted its customers to a breach of its internal firewall and security systems this month, which it said had led to the project files for one if ts most important products being stolen by the hackers.

In a letter sent to Telvent customers, and obtained by noted security commentator Brian Krebs, the company said it was still investigating the issue.

It had "established new procedures to be followed" until the company could remove any vulnerabilities or remaining malware from the asttack.

Telvent, which has around 6000 employes in 19 countries around the world, makes supervisory control and data acquisition (SCADA) systems used to secure and manage critical infrastructure for energy companies.

Project files related to Telvent's key product, the OASys SCADA, were stolen in the intrusion.

The system is used to manage smart grid implementations as well as for oil and gas pipeline telemetry and monitoring systems.

A second letter from Telvent to customers affected by the breach listed some of the malware files and domain names and IP addresses used for control and command.

According to Dell Secureworks malware researcher Joe Stewart, the digital fingerprints left behind by the attackers point to a Chinese hacking team known as the "Comment Group". 

The "Comment Group" has been dubbed "Byzantine Candour" by US intelligency for its use of HTML comments. It is thought to be connected to China's People's Liberation Army.

The group rose to prominence in 2008 after hacking the presidential campaigns of Barack Obama and John McCain, in the large-scale Operation Shady Rat attack.

Several western organisations in Europe and North America were infiltrated in a attack by the Comment Group in July this year, Bloomberg reported.

Organisations in that attack included defence contractor Halliburton, law firms, government departments, and companies involved in the energy sector.

Emails from European Union president, Herman van Rompuy, were also copied, and 11 officials had their internal communications intercepted as the hackers accessed the EU computers four times.

Last year, the Comment Group also managed to break into the Diablo Canyon nuclear powerplant in California. It stole a mailing list with the addresses of subscribers to a nuclear management newsletter and proceeded to send them emails laden with spyware.

Copyright © . All rights reserved.

Chinese hackers steal files from SCADA maker
Top Stories
How hard do you hack back?
[Blog post] Taking the offensive could have unintended consequences.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
The big winners from Defence’s back-office IT refresh
Updated: The full list of subcontractors.
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats