Chinese hackers steal files from SCADA maker

Military connection suspected.

Chinese attackers have allegedly hacked and stolen data from the systems of global energy equipment supplier Telvent.

The company, part of French conglomerate Schneider Electric, alerted its customers this month to a breach of its internal firewall and security systems, which it said had led to the project files for one of its most important products being stolen by the hackers.

In a letter sent to Telvent customers, and obtained by noted security commentator Brian Krebs, the company said it was still investigating the issue.

It had "established new procedures to be followed" until the company could remove any vulnerabilities or remaining malware from the attack.

Telvent, which has around 6000 employees in 19 countries around the world, makes supervisory control and data acquisition (SCADA) systems used to secure and manage critical infrastructure for energy companies.

Project files related to Telvent's key product, the OASys SCADA, were stolen in the intrusion.

The system is used to manage smart grid implementations as well as for oil and gas pipeline telemetry and monitoring systems.

A second letter from Telvent to customers affected by the breach listed some of the malware files and domain names and IP addresses used for control and command.

According to Dell Secureworks malware researcher Joe Stewart, the digital fingerprints left behind by the attackers point to a Chinese hacking team known as the "Comment Group". 

The "Comment Group" has been dubbed "Byzantine Candour" by US intelligence for its use of HTML comments. It is thought to be connected to China's People's Liberation Army.

The group rose to prominence in 2008 after hacking the presidential campaigns of Barack Obama and John McCain, in the large-scale Operation Shady Rat attack.

Several western organisations in Europe and North America were infiltrated in an attack by the Comment Group in July this year, Bloomberg reported.

Organisations in that attack included defence contractor Halliburton, law firms, government departments, and companies involved in the energy sector.

Emails from European Union president, Herman van Rompuy, were also copied, and 11 officials had their internal communications intercepted as the hackers accessed the EU computers four times.

Last year, the Comment Group also managed to break into the Diablo Canyon nuclear power plant in California. It stole a mailing list with the addresses of subscribers to a nuclear management newsletter and proceeded to send them emails laden with spyware.
