WASHINGTON—Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry.
The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation’s infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn’t appear they did so.
Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign.
Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of “holding U.S. pipeline infrastructure at risk,” the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday’s joint alert.
Of the known targets, 13 were successfully compromised and an additional eight suffered an “unknown depth of intrusion,” which officials couldn’t fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as “near misses” of the Chinese campaign, which relied heavily on spear phishing attacks.