Chinese Hacking Team Caught Taking Over Decoy Water Plant

Locutus

Adorable Deplorable
Jun 18, 2007
32,230
45
48
65
So who's idea was it to make critical infrastructure accessible via the internet?

A hacking group accused of being operated by the Chinese army now seems to be going after industrial control systems.

A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday.


The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access (see “Hacking Industrial Systems Turns Out to Be Easy”). APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security company Trend Micro, who gave a talk on his findings at the Black Hat conference in Las Vegas.


The attack began in December 2012, says Wilhoit, when a Word document hiding malicious software was used to gain full access to his U.S.-based decoy system, or “honeypot.” The malware used, and other characteristics, were unique to APT1, which security company Mandiant has claimed operates as part of China’s army (see “Exposé of Chinese Data Thieves Reveals Sloppy Tactics”).


more

Chinese Hacking Team Caught Taking Over Decoy Water Plant | MIT Technology Review
 

Goober

Hall of Fame Member
Jan 23, 2009
24,691
116
63
Moving
Power to water plants- Critical infrastructure is easier to get into than Community College. Where have you been?