Security News > 2021 > July > U.S. Government Attributes ICS Attacks to Russia, China, Iran
The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors.
"CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.
"The Chinese actors also exfiltrated information pertaining to ICS permission groups and compromised jump points between corporate and ICS networks. The totality of this information would allow the actors to access ICS networks via multiple channels and would provide sufficient access to allow them to remotely perform unauthorized operations on the pipeline with physical consequences," the agencies said.
The advisory contains indicators of compromise, as well as recommendations for the energy sector and other critical infrastructure owners on how to secure their systems against such attacks.
CISA has also updated a 2012 advisory on the Shamoon malware to note that the U.S. government attributes it to Iranian state-sponsored actors who have used it against ICS - although there is no evidence of targeted attacks aimed at ICS components or government organizations in the United States.
The attributions made on Tuesday specifically focus on attacks aimed at industrial systems.