In its monthly newsletter, ICS-CERT said it identified a series of spear-phishing attacks against personnel at natural gas pipeline companies designed to trick the recipient into opening the emails and downloading malware.
“The e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization”, the Department of Homeland Security agency said.
Through analysis of the malware and artifacts associated with the spear-phishing attacks, ICS-CERT was able to positively identify the activity as related to a single campaign; however, it did not provide the source of the campaign.
ICS-CERT said it issued an alert and two updates about the campaign to natural gas pipeline companies and organizations, as well as to the US-CERT Control Systems Center library. It also conducted a series of briefings with oil and natural gas pipeline companies about the spear-phishing campaign and how to detect and remove the malware.
ICS-CERT is currently engaged with multiple organizations to provide remote and onsite analytic assistance to confirm the compromise and the extent of infection, and to assist in removing the malware from networks.
The alerts sent to the natural gas pipeline companies were detailed, providing computer file names, IP addresses, and other information needed for companies to check whether they had been infiltrated, according to a security expert cited by the Christian Science Monitor.
"This was far more detail than we've ever received in the past – and the number of alerts in succession was unusual. It indicated to me this was pretty serious", the expert told the newspaper.
Around 200,000 miles of interstate natural gas transmission pipelines supply 25% of US energy needs, according to the newspaper.