By Sean Lyngaas, CNN
Last month, suspected foreign government-backed hackers breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders were not capable of disrupting navigation operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official.
The Port of Houston incident is one example of the interest foreign spies have in monitoring major US seaports, and it comes as US officials attempt to fortify critical infrastructure against such intrusions.
“If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network” using stolen login credentials, reads the analysis of the US Coast Guard Cyber Command report, which is unrated and marked “For official use only.” “With this unrestricted access, the attacker would have had many options to produce other effects that could impact port operations.”
The Port of Houston is a 25-mile-long complex through which 247 million tonnes of cargo pass each year, according to its website.
It’s unclear who was behind the breach, which appears to be part of a larger spy campaign. Asked about the incident during a Senate hearing on Thursday, US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said she believed a hacking group backed by a foreign government was responsible.
Attribution of cyber attacks “can always be complicated,” Easterly told the Senate Committee on Homeland Security and Government Affairs. “At this point, I should come back with my colleagues, but I think he’s a nation-state actor.”
“The campaign so far is limited, but we are continuing to work on it and I am happy to keep you posted,” she told lawmakers.
The Coast Guard’s analysis did not mention a foreign government or the Port of Houston, but Easterly identified the port as the targeted entity.
A Coast Guard spokesperson told CNN that “the Coast Guard cannot confirm which entities were behind this recent cyber incident.”
A spokesperson for the Port of Houston said, “The Port of Houston (Port Houston) authority successfully defended itself against a cybersecurity attack in August. Port Houston followed its facility security plan by doing so in accordance with the Marine Transportation Security Act (MTSA), and no data or operational systems were affected as a result.”
The intrusion was part of a larger set of hacks targeting defense contractors, transport companies and other organizations that US agencies warned the public about last week.
“We believe the actors are state sponsored and their objective is likely to conduct espionage on behalf of a foreign government,” Sarah Jones, senior analyst at Mandiant Threat Intelligence, told CNN. “Although the nature of the targets certainly aligns with Chinese history [advanced persistent threat] activity, we did not attribute any of these attacks to Chinese spy operators.”
In the case of the Port of Houston, the unidentified hackers broke into a web server somewhere in the complex using a previously unidentified vulnerability in password management software at 2:38 p.m. UTC on August 19, according to the Coast Guard report. The intruders then implanted malicious code on the server, which allowed additional access to the computer system.
About 90 minutes after the initial breach, hackers stole all login information for a type of Microsoft software that organizations use to manage passwords and access to their networks, according to the report. Minutes later, cybersecurity personnel at the port isolated the hacked server, “cutting off unauthorized network access,” the advisory said.
Sean Plankey, a Coast Guard veteran and former senior White House cybersecurity official in the Trump administration, said the swift response to the incident was a sign the Coast Guard was becoming more proficient in cyberspace.
“Our adversaries know, probably better than most Americans, that our country’s economy goes through our ports,” Plankey told CNN.
A handful of security incidents in recent years have prompted U.S. officials to focus more on maritime cybersecurity.
The Coast Guard in 2019 issued a public alert after malware “degraded the functionality of the onboard computer system” of a ship bound for the Port of New York and New Jersey in February. Although the vessel’s essential control systems were not affected, the Coast Guard found the vessel to lack “effective cybersecurity measures.”
The US government released a maritime cybersecurity plan in January that set the goal of “closing maritime cybersecurity gaps and vulnerabilities over the next five years.”
Scott Dickerson, who heads the Maritime Transportation System Information Sharing and Analysis Center, an industry threat sharing center, said the industry has made progress in strengthening its cyber defenses in recent years.
“Several port communities have established information exchanges, which allow local stakeholders to collaborate more effectively to improve the cyber-resilience of the local supply chain,” Dickerson told CNN.
This story was updated with additional details on Thursday.