Hackers break into energy technology company
A major technology company that enables energy suppliers and others to remotely control their operations has been penetrated by hackers from China, according to security researchers and company officials.
The intrusion appears to be the latest in a wide-ranging espionage campaign targeting energy companies, intelligence contractors, cybersecurity specialists, academic researchers and others, experts said.
Telvent , a Madrid-based company with U.S. headquarters in Rockville, helps manage 60 percent of the flow of hydrocarbons in North America and Latin America, according to its Web site. Technology made by the company, owned by Schneider Electric, also helps control and monitor power grids around the world.
“Every energy company in the Fortune 100 relies on our systems and information to manage their business, even in the most complex and volatile market conditions,” the Telvent site says.
In a statement, Telvent confirmed that intrusions occurred at its Calgary-based energy division. But the company provided few details. “Telvent is aware of a security breach of its corporate network that has affected some customer files,” the statement said. “Customers have been informed and are taking recommended actions, with the support of Telvent teams. Telvent is actively working with law enforcement, security specialists and its affected customers to ensure the breach has been contained.”
The breach, first reported Wednesday by online security blogger Brian Krebs of KrebsonSecurity.com, underscores the growing threat in cyberspace to the world’s critical infrastructure. Power grids, pipelines and other operations increasingly rely on industrial control computers and far-flung networks to be more efficient and save money.
Krebs obtained a Telvent letter to its customers saying that executives discovered on Sept. 10 that its security systems had been penetrated. In the letter, the company said files had been stolen, including some relating to a software system that supports “supervisory control and data acquisition.”
“In order to be able to continue to provide remote support services to our customers in a secure manner, we have established new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent network and that all virus or malware files have been eliminated,” the letter said.
“Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent,” the letter said.
Security researchers said details of the attack suggest it was the work of a notorious Chinese group dubbed the Comment Crew. The group appears to be behind a series of other attacks detailed in a Washington Post report Thursday.
The Comment Crew are believed to have attacked hundreds of other organizations in recent years as part of an ongoing espionage and disruption campaign.