The U.S. Department of Homeland Security has issued at least three confidential alerts to warn about "cyber-attacks" against natural gas pipeline sector companies.
The DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said an active series of cyber-intrusions started in late December 2011 and continues to be active today.
"Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign," ICS-CERT said in its monthly report (PDF).
"Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," the group said.
From the report:
ICS-CERT has issued an alert (and one update) to the US-CERT Control Systems Center secure portal library and also disseminated them to sector organizations and agencies to ensure broad distribution to asset owners and operators. While ICS-CERT strives to make as much information publicly available as possible, the indicators in these alerts are considered sensitive and cannot be disseminated through public or unsecure channels.
ICS-CERT is currently engaged with multiple organizations to identify the scope of infection and provide recommendations for mitigating it and eradicating it from networks. ICS-CERT has conducted a series of briefings across the country to share information related to the intrusion activity with asset owners/operators. ICS-CERT will continue to work with private sector and government partners to respond to this and other cyber threats.