China caught – again – with its malware in another nation's power grid

Espionage-ware thought to have been developed by China has once again been spotted within the power grid of a neighboring nation. According to Symantec's Threat Hunter Team on Tuesday, a team dubbed Redfly infiltrated the national grid of an unnamed Asian nation using the ShadowPad Trojan, stole credentials, installed …

  1. PhilipN Silver badge

    “..thought to have been”…”believed to have been”…

    That’s OK. I am convinced!

    1. TheInstigator

      Re: “..thought to have been”…”believed to have been”…

      It's good enough to justify an invasion - I think justification normally takes about 45 minutes and involves a dossier

  2. Anonymous Coward

    So just another Stuxnet-like Trojan... Probably actually came from the USA (again) in reality.

    1. Anonymous Coward

      Keep in mind that Stuxnet was intended to disrupt nuclear weapons construction, while these are (theoretically) enabling the disruption of power grids. The first keeps civilians from getting killed. The second will likely kill civilians. (Presumably impacted military would just fire up generators.)

      Any government-backed program to plant malware is deeply suspect, but at least with Stuxnet there was a justifiable reason.

  3. Anonymous Coward

    Another set of Windows systems compromised again... what a surprise!

    1. IGotOut Silver badge

      So other OSes have no holes?

      Yup, those Windows-based hardware firewalls and iPhones are a nightmare.

      Just grow up and learn that everything has holes in it. Sticking your fingers in your ears and going "la la la, I run Linux" is the dumbest thing you can do, and the sort of thing idiots do.

      1. BartyFartsLast

        Ditto OSX, I've lost count of the number of times I've been told OSX is invulnerable.

  4. sanmigueelbeer

    It is another example of why CNI should never be connected to the internet.

    1. Anonymous Coward

      I often wonder why the people who run this sort of infrastructure expose it to the Internet.

      Then I remember the world is run by people who continually monitor the bottom line in the pursuit of bonuses for cost cutting and monitoring stuff via the Internet and IoShite is cheap.

      1. Altrux

        Because they are required to? Because power sites are required to transmit live operational metering data to the grid? Because contracts demand full visibility of behaviour, performance, alerts, etc? Running energy systems, and much else, without a live internet connection is not realistic in this day and age.

        1. BartyFartsLast

          And you can't think of a *single* way to transmit that data back to a central control centre without connecting it to the Internet?

          How do you think these systems were monitored before the Internet happened or do you think they just ran them blind?

    2. Will Godfrey Silver badge

      In the words of the song...

      They would not listen,

      They're not listening still.

      Perhaps they never will.

    3. Peter Gathercole Silver badge

      But wait. The official way to fix this, according to people like Symantec, is to deploy even more complexity and intrusion detection software (and of course, theirs is best), not actually take a sensible action to limit the exposure.

      I'm not saying that you don't put tools in to detect intrusions, but if you limit the attack surface then they should have less to do.

  5. titchy

    No need for China to infect the UK or other grids, they already have enough power

    China already have the full ability to damage the UK or other grids where solar power is popular.

    Most solar inverters are tied back to a Chinese manufacturer's cloud platform for command and control.

    All they need to do is switch all the solar inverters to the wrong frequency at the same time, or force full power to the grid or numerous other things and the grid would have a very bad day.

    And we are adding more and more of these things to the grid daily.

    1. Arthur the cat Silver badge

      Re: No need for China to infect the UK or other grids, they already have enough power

      "Most solar inverters are tied back to a Chinese manufacturer's cloud platform for command and control."

      SolarEdge, who are common in the UK, are Israeli.

      1. TheInstigator

        Re: No need for China to infect the UK or other grids, they already have enough power

        I must remember - the Israelis are our friends right?

    2. VerySlowData

      Re: No need for China to infect the UK or other grids, they already have enough power

      Really? We have solar panels and an inverter. It works OK and doesn't come with any connectivity at all. There is an LCD panel that tells you the panel voltage and the power it is providing to your house, and that's it.

  6. Potemkine! Silver badge

    In a previous life, a security manager wanted to have Chinese cameras because they were cheaper, despite what we told him. Not trusting the devices, we put them in a dedicated VLAN and restricted the flux to the max. Then we saw in our logs of blocked flux that the cameras were trying to phone home. We didn't know what they intended to do, and didn't have the time to investigate further, but the vendor never told us about this behaviour. Being careful with non-EU devices is a must-have.
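    One way to do the blocked-flow review described in that comment, as an added example that is not part of the thread: it parses constructed firewall deny-log lines and reports which devices in the isolated VLAN keep trying to reach addresses outside the RFC1918 ranges. The log format, the VLAN subnet and the device addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed addressing for the isolated camera VLAN (constructed for this example).
CAMERA_VLAN = ipaddress.ip_network("10.50.0.0/24")
# RFC1918 ranges listed explicitly rather than via is_private: Python's
# is_private also flags the TEST-NET addresses used in the sample below.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed firewall log layout: a generic "DENY" line with src/dst and ports.
LOG_RE = re.compile(
    r"(?P<ts>\S+) DENY (?P<proto>TCP|UDP) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample: camera .21 phones home repeatedly, .23 once,
# .22 only hits the local gateway (blocked, but not a phone-home attempt).
SAMPLE_LOG = """\
2023-09-12T08:00:01Z DENY TCP src=10.50.0.21:51012 dst=203.0.113.10:443
2023-09-12T08:00:31Z DENY TCP src=10.50.0.21:51013 dst=203.0.113.10:443
2023-09-12T08:01:01Z DENY UDP src=10.50.0.21:40000 dst=198.51.100.7:8000
2023-09-12T08:01:05Z DENY TCP src=10.50.0.22:44321 dst=10.50.0.1:80
2023-09-12T08:02:00Z DENY TCP src=10.50.0.23:50000 dst=203.0.113.10:443
2023-09-12T08:02:30Z DENY TCP src=10.50.0.21:51014 dst=203.0.113.10:443
"""

def phone_home_attempts(log_text, vlan=CAMERA_VLAN):
    """Map each VLAN device to a Counter of blocked external (dst_ip, dport)."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in vlan or any(dst in n for n in INTERNAL_NETS):
            continue  # not one of ours, or blocked east-west traffic
        hits[str(src)][(str(dst), int(m["dport"]))] += 1
    return hits

def persistent_callers(log_text, threshold=3, vlan=CAMERA_VLAN):
    """Devices whose blocked outbound attempts reach the threshold: the ones to raise with the vendor."""
    return sorted(src for src, c in phone_home_attempts(log_text, vlan).items()
                  if sum(c.values()) >= threshold)

if __name__ == "__main__":
    print(dict(phone_home_attempts(SAMPLE_LOG)), persistent_callers(SAMPLE_LOG))
```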

    1. garwhale Bronze badge

      Difficult to get any internet-connected device that doesn't want to send logging of some sort to the manufacturer. There should be an international law/treaty that this is strictly opt-in, and that states what the reasons for it are. Breaching the law should result in big fines and compensation. Still, you should, as the poster did, ensure that they can't send data "home".

    2. TheInstigator

      So let me get this right - you trust EU stuff?
