Cyber warfare? China hacked 13 key US pipeline operators from 2011-2013, according to a harrowing advisory from the FBI and CISA.

SAN RAFAEL, CALIFORNIA – On July 20th, the FBI and CISA announced that Chinese state-sponsored attackers breached 13 US oil and gas pipeline companies between 2011 and 2013. Attackers gained access via spear-phishing campaigns targeting employees of the pipeline companies.

23 Pipeline Operators Were Targeted

“Overall, the US Government identified and tracked 23 US natural gas pipeline operators targeted from 2011 to 2013 in this spearphishing and intrusion campaign. Of the known targeted entities, 13 were confirmed compromises, 3 were near misses, and 7 had an unknown depth of intrusion,” the advisory states.

The advisory also provides a list of mitigation strategies that energy companies should implement to strengthen their defenses going forward.

What was the motive?

It appears these attacks were executed for intelligence gathering and, potentially, to unleash larger attacks in the future. Unlike most for-profit hacking, the end goal here was not strictly financial gain.

“CISA and FBI assess that these intrusions were likely intended to gain strategic access to the ICS networks for future operations rather than for intellectual property theft. This assessment was based on the content of the data that was being exfiltrated and the TTPs used to gain that access.”

Any relation to the Colonial Pipeline?

It is unclear if or how these years-old attacks may be related to the massive Colonial Pipeline ransomware attack in 2021. It should be noted, however, that after the Colonial Pipeline shutdown, the Department of Homeland Security (DHS) announced new pipeline cybersecurity requirements for pipeline owners and operators.

The new directive empowers DHS to identify and respond to cyber threats that target US infrastructure.
