Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed last week in a report.
According to the report, which summarizes the Industrial Control Systems Cyber Emergency Response Team’s (ICS-CERT) activities in the second quarter of 2014, the attackers had access to the unnamed manufacturing organization’s networks for several months.
![]() |
Register for the 2014 ICS Cyber Security Conference! |
ICS-CERT’s investigation uncovered a large number of compromised hosts, and lateral movement of the intruders throughout the network.
“This organization is a conglomeration of multiple companies acquired in recent years. The acquisition and subsequent merging of multiple networks introduced latent weaknesses in network management and visibility, which allowed lateral movement from intruders to go largely undetected,” the report reads.
The organization has more than 100 entry and exit points connected to the Internet, which makes securing the perimeter a challenging task. In addition, the attackers had managed to gain privileged access to systems by leveraging compromised domain accounts.
“In this situation, re-architecting the network is the best approach to ensure that the company has a consistent security posture across its wide enterprise,” ICS-CERT said.
The report also focuses on the Havex RAT, which has been used recently in cyber espionage operations aimed at industrial control systems.
“Various reports have indicated that organizations in the energy, manufacturing, pharmaceutical and information technology sectors are among those targeted by this campaign. However, drawing conclusions about the specific intent of targeting is not well understood as all victims have not been identified. While the specific target and motive of the campaign is unclear, the situation elevates the presence of a new and potentially evolving threat against industries operating critical infrastructure,” ICS-CERT said.
A study published this summer revealed that 70% of critical infrastructure organizations had suffered at least one security breach that either led to the disruption of operations or the loss of confidential information.
The DHS has been actively involved in the protection of critical infrastructure, but the agency has also made some mistakes that could have had serious consequences. In July, in response to a freedom of information act (FOIA) request, the DHS mistakenly released 840 pages of documents containing details on potentially vulnerable critical infrastructure points across the U.S.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
