Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren’t in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official. CNN reports: The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions. “If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network” by using stolen log-in credentials, reads the US Coast Guard Cyber Command’s analysis of the report, which is unclassified and marked “For Official Use Only.” “With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.” The Port of Houston is a 25-mile-long complex through which 247 million tons of cargo move each year, according to its website.
In the case of the Port of Houston, the unidentified hackers broke into a web server somewhere at the complex using a previously unidentified vulnerability in password management software at 2:38 p.m. UTC on August 19, according to the Coast Guard report. The intruders then planted malicious code on the server, which allowed further access to the IT system. Beginning about 90 minutes after the initial breach, the hackers stole all of the log-in credentials for a type of Microsoft software that organizations use to manage passwords and access to their networks, according to the report. Minutes later, cybersecurity staff at the port isolated the hacked server, “cutting off unauthorized access to the network,” the advisory said.
It’s unclear who was behind the breach, which appears to be part of a broader espionage campaign. When asked about the incident at a Senate hearing on Thursday, US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said she believed a foreign government-backed hacking group was responsible. Attribution of cyberattacks “can always be complicated,” Easterly told the Senate Homeland Security and Governmental Affairs Committee. “At this point in time, I would have to get back with my colleagues, but I do think it is a nation-state actor.”
Read more of this story at Slashdot.