Chinese hackers successfully infiltrated the IT systems of at least five global utility companies in order to steal proprietary information, according to a report from security vendor McAfee.
The methods these hackers allegedly used, including website hacks and email-borne malware, were “not sophisticated”, McAfee said.
The intent of the attacks was not to disrupt the company’s operations, but to steal commercially valuable information such as contracts and bid proposals. "That information is tremendously sensitive and would be worth a huge amount of money to competitors," a McAfee spokesperson told the Reuters news agency.
The attacks were conducted from computers with Beijing IP addresses, McAfee said, and took place during working hours in the Beijing time zone. There was no evidence that the attacks were state sponsored.
Information security attacks on energy companies are a cause of growing concern among both businesses and governments, as in theory they have the potential to cause grave economic and physical damage.
The emergence of the virus Stuxnet last year, which appeared to target the control systems of nuclear power plants, demonstrated that critical infrastructure could be compromised by Internet-based attacks on commodity software platforms.
However, critics have also observed that emphasising the risk of cyber attack serves the commercial interests of both the information security industry and the military industrial complex, which sees in “cyber security” equipment a chance to counterbalance dwindling demand for conventional military hardware.