Hackers damage German factory

An online attack on a German steelworks caused massive damage to the infrastructure, according to reports.

The incident marks “one of the rare instances in which a digital attack actually caused physical damage”, reported IT World.

Beginning with a targeted spearfishing attack the unknown hackers managed to gain access to the factory’s internal systems, using fake emails which appeared to come from within the organization to trick staff into installing malware, according to The Telegraph.

Once this malicious code was installed on computers at the plant, staff noticed that systems and components began breaking down increasingly regularity. Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the German Federal Office for Information Security (BSI) said in an official report, which goes on to describe the technical skills of the attacker(s) as “very advanced.”

IT World continued: “The attack involved the compromise of a variety of different internal systems and industrial components, BSI said, noting that not only was there evidence of a strong knowledge of IT security but also extended know-how of the industrial control and production process.”

However, this German steelmill is not the first facility to be seriously damaged by a purely digital attack – the Stuxnet worm crippled an estimated 1,000 of 5,000 uranium centrifuges inside Iran’s Natanz uranium enrichment facility by spinning them at destructive speeds in 2010.

Author , ESET

  • oOoBubblesoOo

    Why would they design a system that can be controlled from outside the facility to begin with?

  • Mac

    Hackers please stop! You’re all nice peoples!! So why do you choose the path of darkness?

    • Monochrome in Technicolor

      Yea, that will stop them.

      • Mac

        LOL, it was worth a try!

    • zigzzagz

      No, no. They aren’t nice people. I’m this case and in the case of Iran and stuxnet it is country’s and secret service black ops type stuff. That aside, even your average DoS type hacker isn’t a nice person. Destruction for profit or amusement doesn’t fall under the heading of “nice” in my book.

  • William

    The Stuxnet worm was made by the US to try and slow Iran’s nuke program. Don’t understand why these counties and companies don’t beef up security.

  • poiy

    why would any business allow the internet connection to and internal network? next why would business allow the IT department to down load email attachment to the internal network with out calling the person who sent the email and attachment making sure that person was authorized . next why are not all the CD and usb ports not under lock and key so the janitor can’t put a DVD or USP thumb drive into the internal net work and introduce the virus that why, kind of chastity belt for the computer/server.

  • altizar

    If you have hardware control software in your plants, you need to have two seperate networks. 1 for control of the equpiment and the 2nd for communications which also includes external connection to the outside world.

    And when I say seperate, I mean totally phyiscally different routers, not the IT specialty of different subnets or quality of service control. cause when the routers get hacked, they can be switched to these other places, however if they are physically seperate, it’s tough to run a digital wire between two different routers

  • Rgarza42

    These are the terrorists of the future .

  • mac

    RUSSIA built the malware

  • Arthur Wilton

    If a computer contains very sensitive information or is critical to some vital process or can do serious damage if it malfunctions, then that computer should be offline unless there is a good reason for it to be online. Connecting every computer to the Internet is the source of a great many evils.

  • In the case of Stuxnet USA “inserted” this worm through agents and had inside info from equipment suppliers. Here I guess the question is who is this “steelworks” and who wanted them stopped? I’m guessing it military related work that this plant was doing.

  • Roy

    This really ticks me off. Hackers should be given the death penalty when caught for such damage to equipment and potentially harming workers. Hopefully Germany will be upgrading their computer ware to prevent any such attack in the future. Basically you have the have nots and the dirt poor countries trying to derail the richer nations.

  • Michael Pickering

    Hows about not have any internet capability on your internal systems?

  • Robert.Walter

    But what steel mill, what company?

    Everybody is doing lousy reporting by not naming the company.

    Eventually the company name wi have to come out because such damage is material and must be reported in company financials

    So the press isn’t doing any favors in not doing its job by not naming the company.

  • Robert.Walter

    What company was it?

Follow us

Copyright © 2017 ESET, All Rights Reserved.