On September 26, a media report outlining the compromise of control system vendor Telvent (owned by Schneider Electric) was released. Since then, Wired has published an additional article and Energysec has received additional details and independent confirmation of the breach. It appears that a known group of malicious actors broke into Telvent and stole control-system-specific information from the company.
Because Telvent’s support models require connections to its customers' networks, and in keeping with previous behavior from the group of actors in question, it is believed those customer networks may also be at risk. The company has been in active communication with its customers and has requested that those connections be severed until the situation has been resolved. Telvent has identified temporary business process adjustments in the meantime. Of note, this actor group appears to have also been responsible for the previously media-reported oil and natural gas espionage campaign and an (unsuccessful) attack against Energysec.
Energysec’s view of this incident is that, while it has significance in its own right, it is also a continuation of known actors taking advantage of known techniques to achieve previously identified ends as part of continuing espionage efforts against the same industry. Reducing the success rate, frequency, and magnitude of these incidents remains a strategic problem that requires a continuous and close partnership between private industry, academia, and the government.
For more information, check out our TAC Handler’s Diary entry on the Telvent breach.