A German iron plant experienced a cyberattack that caused physical damage, according to a report from a German federal agency.
The incursion was achieved via spear-fishing and social engineering aimed at an office network at the plant. The attackers subsequently accessed the plant’s production network and were able to manipulate a furnace to prevent it from shutting down, resulting in “massive damage.”
This strike is a rare instance of a government acknowledging physical damage from a cyberstrike. One precedent is November 2010’s attack on Iran’s centrifuges, believed to have originated from a joint U.S. and Israel campaign dubbed Stuxnet.
Robert M. Lee, a co-founder at security firm Dragos Security, described the technical skills of the attackers as “very advanced,” owing to their detailed technical knowledge of the industrial control systems.