Sophisticated cyberattack damaged German steel plant, report says

Skilled hackers caused serious damage at a German steel mill sometime during this year, according an annual security roundup issued Wednesday by the country’s Federal Office for Information Security (BSI).

According to the report, the previously undisclosed attack caused “massive damage” to a blast furnace by targeting internal systems and industrial components, making it impossible to shut down the furnace in a regulated way.

The BSI said the attackers displayed “very advanced” capabilities, and that they used a “sophisticated spear phishing” technique to gain access to the core networks of the plant.

Spear phishing involves targeting specific individuals within an organization, by investigating them in order to figure out how best to dupe them into clicking some link they shouldn’t – British spy agency GCHQ reportedly did it in order to hack into Belgacom’s systems, for example. This is fairly textbook stuff, but once the attackers were in, they also knew their way around industrial control systems, the BSI indicated.

The most famous attack on industrial control systems remains Stuxnet, the nasty worm that the U.S. and Israel created to attack various Iranian facilities, most notably the Natanz uranium enrichment plant. Stuxnet destroyed hundreds of the Iranians’ centrifuges by making them spin out of control.

The BSI’s report didn’t say which steelworks were targeted this year, nor precisely when the attack took place.