Trend Micro's Kyle Wilhoit presented his findings at Black Hat 2013

Aug 3, 2013 05:54 GMT

Presenting at the Black Hat conference in Las Vegas, Trend Micro researcher Kyle Wilhoit has shown that members of the infamous Chinese state-sponsored hacking group APT1 (Comment Crew) are actively targeting industrial control systems (ICS).

Experts and US officials have often warned that critical infrastructure is targeted by hackers, but the evidence provided by Wilhoit is the most significant yet, MIT's Technology Review reports.

The researcher set up a fake water plant that appeared to be based in the United States. He used this honeypot to observe the cyberattacks launched against it.
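The article does not describe how the honeypot recorded what attackers did, so the following is an added illustration, not Wilhoit's or Trend Micro's code. It shows the kind of triage a decoy ICS endpoint can do on its own: parse incoming Modbus/TCP frames (the standard MBAP header followed by a function code), and treat any write request as a high-severity event, because nothing legitimate ever writes to a decoy PLC. The sample frames and source addresses are constructed for the example.

```python
import struct
from dataclasses import dataclass

# Standard Modbus function codes (from the Modbus Application Protocol spec).
# Writes change process state; on a decoy controller they are never legitimate.
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}


@dataclass
class ModbusEvent:
    src: str            # peer address as seen by the honeypot
    transaction_id: int
    unit_id: int
    function_code: int
    name: str
    severity: str       # "info", "medium" or "high"


def parse_modbus_tcp(src: str, frame: bytes) -> ModbusEvent:
    """Parse one Modbus/TCP request frame and classify it for the honeypot log.

    MBAP header: transaction id (2), protocol id (2, always 0), length (2),
    unit id (1); the PDU starts with a one-byte function code.
    Raises ValueError for frames that do not look like Modbus/TCP at all.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus")
    # The length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    fc = frame[7]
    if fc in WRITE_FUNCTIONS:
        return ModbusEvent(src, tid, uid, fc, WRITE_FUNCTIONS[fc], "high")
    if fc in READ_FUNCTIONS:
        return ModbusEvent(src, tid, uid, fc, READ_FUNCTIONS[fc], "info")
    # Diagnostics, exceptions and vendor-specific codes are worth a closer look.
    return ModbusEvent(src, tid, uid, fc, f"function 0x{fc:02x}", "medium")


def triage(captures):
    """Turn (src, frame) pairs into events; malformed data is logged, not dropped."""
    events = []
    for src, frame in captures:
        try:
            events.append(parse_modbus_tcp(src, frame))
        except ValueError as err:
            events.append(ModbusEvent(src, -1, -1, -1, f"malformed: {err}", "medium"))
    return events


def summarize(events):
    """Count events per severity, the figure a defender would alert on."""
    counts = {"info": 0, "medium": 0, "high": 0}
    for ev in events:
        counts[ev.severity] += 1
    return counts


# Constructed sample traffic (hypothetical peers, not data from the article):
SAMPLE_CAPTURES = [
    # Read Holding Registers, unit 1, start 0, count 10: a reconnaissance read.
    ("198.51.100.7", bytes.fromhex("000100000006010300000000")),
    # Write Single Register, unit 1, address 0x0010, value 0x00ff: a control attempt.
    ("198.51.100.7", bytes.fromhex("00020000000601060010000ff".replace(" ", "")[:24])),
    # Not Modbus at all (protocol id 0x1234): scanner noise or a wrong protocol.
    ("203.0.113.9", bytes.fromhex("000312340006010300000001")),
]

if __name__ == "__main__":
    for ev in triage(SAMPLE_CAPTURES):
        print(f"{ev.severity:6} {ev.src:14} unit={ev.unit_id:<3} {ev.name}")
    print(summarize(triage(SAMPLE_CAPTURES)))
```

Only the severity split is shown here; a real decoy would also keep the full frame and the register addresses touched, since those reveal which part of the simulated process the intruder was trying to manipulate.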

According to Wilhoit, the attack launched by the Chinese army-backed hackers began in December 2012. The attackers used a carefully crafted Word document designed to install malware.

The security professional is confident that the attack on the honeypot was intentional.

“I actually watched the attacker interface with the machine. It was 100 percent clear they knew what they were doing,” he told Technology Review.

The APT1 group is not the only one targeting critical infrastructure. The 12 honeypots the expert set up to look as if they were located in eight different countries suffered 74 attacks between March and June 2013.

Ten of the attacks were sophisticated, allowing the cybercriminals to gain complete control of the targeted systems.

Of the non-critical hacking operations, 67% originated in Russia. Of the critical attacks, around half have been traced back to China; the rest came from Germany, the UK, France, Palestine, and Japan.

It's worth noting that the decoy industrial control systems were made to look as if they were based in Ireland, Russia, Singapore, China, Japan, Australia, the US, and Brazil.

Although no major attacks have been staged so far, the concerning fact is that water plants and other facilities are being successfully compromised. The worst part, according to Wilhoit, is that engineers probably don't know that these attacks are taking place.