Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Critical Manufacturing Firm Hit by Sophisticated Threat Actors: DHS

Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed last week in a report.

Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed last week in a report.

According to the report, which summarizes the Industrial Control Systems Cyber Emergency Response Team’s (ICS-CERT) activities in the second quarter of 2014, the attackers had access to the unnamed manufacturing organization’s networks for several months.

2014 ICS Cyber Security Conference
Register for the 2014 ICS Cyber Security Conference!

ICS-CERT’s investigation uncovered a large number of compromised hosts, and lateral movement of the intruders throughout the network.  

“This organization is a conglomeration of multiple companies acquired in recent years. The acquisition and subsequent merging of multiple networks introduced latent weaknesses in network management and visibility, which allowed lateral movement from intruders to go largely undetected,” the report reads.

The organization has more than 100 entry and exit points connected to the Internet, which makes securing the perimeter a challenging task. In addition, the attackers had managed to gain privileged access to systems by leveraging compromised domain accounts.

“In this situation, re-architecting the network is the best approach to ensure that the company has a consistent security posture across its wide enterprise,” ICS-CERT said.

The report also focuses on the Havex RAT, which has been used recently in cyber espionage operations aimed at industrial control systems.

“Various reports have indicated that organizations in the energy, manufacturing, pharmaceutical and information technology sectors are among those targeted by this campaign. However, drawing conclusions about the specific intent of targeting is not well understood as all victims have not been identified. While the specific target and motive of the campaign is unclear, the situation elevates the presence of a new and potentially evolving threat against industries operating critical infrastructure,” ICS-CERT said.

A study published this summer revealed that 70% of critical infrastructure organizations had suffered at least one security breach that either led to the disruption of operations or the loss of confidential information.

The DHS has been actively involved in the protection of critical infrastructure, but the agency has also made some mistakes that could have had serious consequences. In July, in response to a freedom of information act (FOIA) request, the DHS mistakenly released 840 pages of documents containing details on potentially vulnerable critical infrastructure points across the U.S.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...