Posted on September 24, 2021 at 6:56 PM

State-Sponsored Threat Actors Breach Computer Systems of US Port

Reports have revealed that state-sponsored hackers breached the computer systems of a leading port in the US Gulf Coast in August. However, the breach was detected early, which prevented the intruders from making any detrimental harm that affected shipping operations.

According to CNN, the incident was documented on a Coast Guard Analysis and verified by a US cybersecurity official.

State-Sponsored Hack

The hacking attempt is similar to many espionage attempts that foreign governments have done to obtain information about US maritime ports. Due to the increased number of cases, the US government has been looking into developing critical infrastructure that will protect government agencies from intrusions.

Hackers accessed the webserver to breach the Port of Houston systems to exploit a password management software vulnerability. The Coast Guard analysis further adds that the hackers later installed a malicious code on the server that gave them access to the port’s IT system.

One and a half hours after the breach, the hackers stole the login credentials for specific software institutions use to manage passwords on their network. However, the hacked server was isolated shortly after by cybersecurity experts, which barred the hackers from gaining further access to the network.

According to the Coast Guard analysis, “If the compromise had not been detected, the attacker would have had unrestricted remote access to the IT network by using stolen login credentials. With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.”

The Port of Houston is one of the busiest ports in the US. The port is 25 miles in length, and according to the port’s website, it is used to ferry around 247 million tons of cargo annually.

It has not been established who exactly is behind the breach, but current data shows signs of espionage. The espionage attempt was also confirmed during a Senate hearing by the US Cybersecurity and Infrastructure Security Agency Director, Jen Easterly, who believed that a foreign government backed the hacking group behind the attempt.

Easterly told the Senate Homeland Security and Governmental Affairs Committee that, “At this point in time, I would have to get by with my colleagues, but I think it is a nation-state actor.” She also stated that the impact of the hacking attempt was limited and that cybersecurity researchers were working on learning more about the breach.

On the other hand, the report published by the Coast Guard analysis did not mention anything about a foreign government being involved in the breach. ”The Coast Guard cannot confirm what entities were behind this recent cyber incident.” However, statements from Easterly show that the port was the intended target of the breach.

A spokesperson of the Port of Houston stated that the port had suffered a Cyberattack in August but that the port had taken tough measures to defend itself from these attacks. The port further stated that it had used its Facilities Security Plan to defend itself against these attacks as per the Maritime Transportation Security Act (MTSA) specifications and that no data had been affected.

Cybersecurity Attacks on the Rise

The latest intrusion is among the many cyber-related attacks that US agencies have been fighting. Last week, US agencies had warned the public about a series of cyber-attacks that targeted defence contractors, transportation sectors and other institutions.

Speaking after this warning, Sarah Jones, an analyst with Mandiant Threat Intelligence, stated that assessment indicated that the hacks were state-sponsored. She further added that the nature of the hacks was similar to Chinese espionage campaigns. However, he noted that the recent hacks were not attributed to China.

The rise in cybersecurity attacks has prompted US officials to pay close attention to maritime cybersecurity. In 2019, the Coast Guard issued an alert about malicious software that affected the functionality of the computer systems of a ship headed to New Jersey and New York. The Coast Guard stated that the vessel did not have the appropriate cybersecurity systems in place during this incident.

At the beginning of the year, the US government published a cybersecurity plan to fix gaps and vulnerabilities in the maritime sector for the next five years. Scott Dickerson of the Maritime Transportation System Information Sharing and Analysis Center stated that the Maritime sector had made progress in boosting cyber security measures.

He further stated that ports had established platforms that allow information exchange. This exchange allows local stakeholders to partner more and boost resilience in cyber security systems, reducing the risk of a breach.