Steel mill in Germany (2014)

From International cyber law: interactive toolkit
Jump to navigation Jump to search
Date Reported in December 2014. The German Federal Office for Information Security (BSI) did not disclose the actual date of the attack but it appeared in its annual report from 2014.[1]
Suspected actor There is no evidence attributing the attack to individuals or groups. The attack has been classified as an Advanced Persistent Threat (APT), therefore, it has been assumed that it has been conducted by a skilled and well-funded group of hackers.[2]
Target A steel mill located in Germany (the German Government never disclosed the name and the location of the steel mill involved).[3]
Target systems Microsoft Windows-based systems
Method According to a report published by the SANS Institute, the hackers targeted on site personnel and gained access to the steel mill network through a spear-phishing attack.[4] It is likely that the email contained an attached document that, once opened, triggered the malicious code within the steel mill networks.[5] Then, exploiting the vulnerabilities in the applications running on the targeted system, the code created a remote connection point to establish a bridge between the attackers and the targeted industrial network. At this point, the hackers were able to reprogram the programmable logic controllers (PLCs), compromising the functions of the furnace.[6]
Purpose Unknown
Result The accumulation of breakdowns of individual industrial components of the control system[7] prevented the furnace from being shut down, causing grave infrastructural damages.[8]
Aftermath The attack likely caused loss of control of the infrastructure and physical destruction at the steel mill. The German government never disclosed the entity of the damages. The attack bears relevance as it highlights the rapid development of increasing threats against Industrial Control Systems (ICS) resulting in physical damages.[9]
Analysed in Scenario 03: Cyber attack against the power grid

Scenario 10: Cyber weapons review

Collected by: Samuele De Tomas Colatin

  1. BBC news, “Hack attack causes 'massive damage' at steel works”, (22 December 2014), BBC.
  2. Sentryo, “Cyberattack on a German steel-mill”, (31 May 2016), Sentryo Center.
  3. BBC news, “Hack attack causes 'massive damage' at steel works”, (22 December 2014), BBC.
  4. R M. Lee, M J. Assante, T Conway, “Case study paper – German Steel Mill Cyber Attack”, (30 December 2014), SANS Institute.
  5. E Kovacs, “Cyberattack on German Steel Plant Caused Significant Damage: Report”, (18 December 2014), Security Week.
  6. ibid.
  7. A Potekhin, “How this Attack on a German SCADA Network Could Have Been Prevented”, (23 June 2016), Cyberbit.
  8. P Cobb, “German Steel Mill Meltdown: Rising Stakes in the Internet of Things”, (14 January 2015), SecurityIntelligence.
  9. K Zetter, “A Cyberattack has causes confirmed physical damage for the second time ever”, (8 January 2015), Wired.