The spear-phishing attacks laying siege to networks in the natural gas pipeline industry apparently are being carried out by the same group that hacked RSA security last year. The attacks, which have been occurring since late this past March, have targeted several of the country's natural gas pipeline companies.
According to U.S. officials, it's unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China.
DHS supplied the pipeline industry and its security experts with digital signatures, or "indicators of compromise" (IOCs). Those indicators included computer file names, computer IP addresses, domain names, and other key information associated with the cyberspies, which companies could use to check their networks for signs they've been infiltrated.
DHS officials and a spokesman have acknowledged they are working with the FBI to find out who may be behind the intrusions and malicious emails. The Monitor reports that some investigators now believe that the campaign is tied to another attack last year against cybersecurity company RSA, which the head of the National Security Agency told Congress could be traced back to China.
The group responsible for the RSA attacks has also been linked to several previous hacking incidents around the globe.Politico reports that these recent attacks, combined with the devastating 2010 natural gas pipeline explosion in California, illustrate the potential dangers of the rapidly expanding gas pipeline network.
The oil and gas sector has been targeted before. In February 2011 the computer security firm McAfee discovered a computer intrusion labeled "Night Dragon" that was traced to China. As part of that attack, individuals tried to obtain sensitive data and financial documents from the oil and gas companies about bids and future drilling exploration projects.
[Source]