September 29, 2012 - The company whose software and services remotely administer and monitor large sections of the US energy industry began warning customers about a sophisticated hacker attack.
Telvent Canada said that digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.
It looks like the hackers managed to get past the company firewall and security systems.
In letters sent to customers last week, Telvent Canada said the attack happened on September the 10th.
The attackers installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies.
The company said it was disconnecting the usual data links between clients and affected portions of its internal networks.
Meanwhile, it is looking for virus or malware files.
According to KrebsOnSecurity.com, the company does not think that the intruders got any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system.
Telvent said it was working with law enforcement and a task force of representatives from its parent firm, Schneider Electric.
Joe Stewart, director of malware research at Dell SecureWorks, said the Web site and malware names cited in the Telvent report map back to a Chinese hacking team known as the “Comment Group.”
Comment Group has been involved in sophisticated attacks to harvest intellectual property and trade secrets from energy companies, patent law firms and investment banks.