CISA: China successfully targeted US oil and natural gas infrastructure

CISA alert details past network compromises and exposes a lack of preparedness among ICS companies.

"The Cybersecurity and Infrastructure Security Agency (CISA) issued on July 20, 2021, an alert (AA-22-2021A) addressing the successful Chinese intrusion of the United States oil and natural gas pipeline companies from 2011 to 2013.

In its alert, CISA shares the frequency with which the attacks occurred, number of confirmed compromises, number of near misses, and the number of attacks whose depth of intrusion was undetermined.

… CISA highlights the Chinese compromise of 13 of 23 targeted companies and noted that eight of the 23 companies may have been compromised, but the level of compromise was undetermined.

… The alert highlighted how 35% of the targeted companies were unable to determine the depth of the Chinese penetration into their ICS. Imagine being one of those eight CISO sitting there in the dark and unable to answer the question: “What did the adversary do once they compromised our network? …"

Much more in the article:

https://www.csoonline.com/article/3626193/cisa-china-successfully-targeted-us-oil-and-natural-gas-infrastructure.html

Here is the CISA alert:

https://us-cert.cisa.gov/ncas/alerts/aa21-201a

CodeMonkey might be interested in the details of the cyber intrusions in the CISA alert, if anybody can contact him.