Chinese Hacking Team Caught Taking Over Decoy Water Plant

So who's idea was it to make critical infrastructure accessible via the internet?

A hacking group accused of being operated by the Chinese army now seems to be going after industrial control systems.

A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday.

The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access (see “Hacking Industrial Systems Turns Out to Be Easy”). APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security company Trend Micro, who gave a talk on his findings at the Black Hat conference in Las Vegas.

The attack began in December 2012, says Wilhoit, when a Word document hiding malicious software was used to gain full access to his U.S.-based decoy system, or “honeypot.” The malware used, and other characteristics, were unique to APT1, which security company Mandiant has claimed operates as part of China’s army (see “Exposé of Chinese Data Thieves Reveals Sloppy Tactics”).


Chinese Hacking Team Caught Taking Over Decoy Water Plant | MIT Technology Review
#2  Top Rated Post
Power to water plants- Critical infrastructure is easier to get into than Community College. Where have you been?

Similar Threads

Chinese military cyber hacking clip
by Sparrow | Aug 25th, 2011