{ "Event": { "analysis": "1", "date": "2014-12-30", "extends_uuid": "", "info": "[Threat Intel] German Steel Mill Cyber Attack", "protected": false, "publish_timestamp": "1772419613", "published": true, "threat_level_id": "2", "timestamp": "1772419611", "uuid": "a28abebe-0645-450e-9b9b-e9e998e5076c", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Steel\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Spearphishing Attachment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Damage to Property\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"", "relationship_type": "" }, { "colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771799265", "to_ids": false, "type": "link", "uuid": "ca14e456-5e4f-4e76-b3d7-d5bde1e9f2c5", "value": "https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt5bd1acefa6ad7c17/6323756c1ad88e716559ed66/ICS-UseCase2-ICS-CPPE-case-Study-2-German-Steelworks_Facility.pdf" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771800242", "to_ids": false, "type": "link", "uuid": "be1b7265-dae5-4904-b739-8bc35fc71d68", "value": "http://web.archive.org/web/20240421015526/https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2014.pdf%3F__blob%3DpublicationFile%26v%3D2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771800301", "to_ids": false, "type": "text", "uuid": "f6583f44-d8e0-455a-b17b-178ea26fd082", "value": "In December, 2014 the German government\u2019s Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI) (translated as Federal Office for Information Security) released their annual findings report.1\r\nIn one case they noted that a malicious actor had infiltrated a steel facility. The adversary used a spear phishing email to gain access to the corporate network and then moved into the plant network.\r\nAccording to the report, the adversary showed knowledge in ICS and was able to cause multiple components of the system to fail. This specifically impacted critical process components to become unregulated, which resulted in massive physical damage.\r\nTo date, the only other public example of a cyber attack causing physical\r\ndamage to control systems was Stuxnet. As such, the BSI\u2019s reporting of this incident generates a useful case-study to extract lessons learned for the community." } ] } }