The latest incident response report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) -- part of DHS -- warns of an ongoing cyberattack against the computer networks of US natural gas pipeline companies.
ICS-CERT says it first identified an active series of cyber intrusions targeting natural gas pipeline sector companies in March. Various sources provided information to ICS-CERT describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations, the report says. Analysis of the malware and characteristics of the attacks link it back to a single campaign, ICS-CERT added.
Here's the rest of the alert:
The campaign appears to have started in late December 2011 and is active today. Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization.
ICS-CERT has issued an alert (and one update) to the US-CERT Control Systems Center secure portal library and also disseminated them to sector organizations and agencies to ensure broad distribution to asset owners and operators. While ICS-CERT strives to make as much information publicly available as possible, the indicators in these alerts are considered sensitive and cannot be disseminated through public or unsecure channels.
ICS-CERT is currently engaged with multiple organizations to identify the scope of infection and provide recommendations for mitigating it and eradicating it from networks. ICSCERT has conducted a series of briefings across the country to share information related to the intrusion activity with asset owners/operators. ICS-CERT will continue to work with private sector and government partners to respond to this and other cyber threats.
Asset owners/operators who would like access to the portal or to the alerts can contact ICS-CERT at firstname.lastname@example.org. Alternatively, they can work with their sector Information Sharing and Analysis Center (IS AC) or sector source for cyber alerts and information sharing to obtain the ICS-CERT Alerts.