Hackers have breached one of the United States’ largest ports by exploiting a password management tool, with early detection stopping them short of interrupting shipping operations.
The Port of Houston, one of the United States’ largest ports, was targeted last month in a breach suspected to have been conducted by state-sponsored hacking groups.
Media outlets reported that early detection of the cyber operation ensured that the breach was not able to interrupt the Port of Houston’s shipping operations.
According to a press release from Port Houston, the Port followed its security policy as guided by the Maritime Transportation Security Act.
“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August,” a release from the Port read.
“Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.”
It has yet to be determined what group was behind the attack.
Several media outlets have reported that the cyber criminals attempted the hack by leveraging the ManageEngine ADSelfService Plus program, which manages passwords. The hack came amid scrutiny over the use of password management tools.
In mid-September, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert for the ManageEngine ADSelfService Plus program.
“The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software,” the alert read.
“Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.
“Confirming a successful compromise of ManageEngine ADSelfService Plus may be difficult — the attackers run clean-up scripts designed to remove traces of the initial point of compromise and hide any relationship between exploitation of the vulnerability and the webshell.”
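The alert's last point, that clean-up scripts make it hard to tie a webshell back to the initial exploitation, is the reason defenders keep a known-good file inventory of web-accessible directories stored off the host and compare against it. The following is an added example of that baseline-and-compare check; it is not code from the article, from CISA, or from ManageEngine, and the directory layout, file names and executable-extension list are constructed for illustration rather than taken from the product or the alert.

```python
"""
Baseline-and-compare check for a web-accessible directory tree.
Added example; not part of the article or of the CISA alert it quotes.
"""
import hashlib
from pathlib import Path

# Extensions a web server would execute. This set is an illustrative
# assumption, not a list taken from the alert or the product.
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".aspx", ".ashx", ".php", ".war"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(web_root: Path) -> dict:
    """Record a digest for every file under a trusted install.

    Run this while the application is known good (for example immediately
    after patching) and keep the result somewhere the host cannot rewrite it.
    """
    return {
        str(p.relative_to(web_root)): sha256_of(p)
        for p in sorted(web_root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(web_root: Path, baseline: dict) -> dict:
    """Return new, modified and deleted files relative to the baseline, plus
    the subset of new or modified files the server could execute, which are
    the webshell candidates worth examining first."""
    current = build_baseline(web_root)
    new = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in current if p in baseline and current[p] != baseline[p]
    )
    candidates = sorted(
        p for p in new + modified
        if Path(p).suffix.lower() in EXECUTABLE_EXTENSIONS
    )
    return {
        "new": new,
        "modified": modified,
        "deleted": deleted,
        "webshell_candidates": candidates,
    }


def demo() -> dict:
    """Constructed scenario in a temporary directory: take a baseline, then
    simulate a dropped script file and a log truncated by a clean-up step.
    Nothing here is a real indicator from the incident."""
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "index.jsp").write_text("<%-- legitimate page --%>")
        (root / "logs").mkdir()
        (root / "logs" / "access.log").write_text("line1\nline2\n")
        baseline = build_baseline(root)

        # Simulated post-baseline changes (constructed for the example).
        (root / "app" / "help.jsp").write_text("<%-- unexpected new file --%>")
        (root / "logs" / "access.log").write_text("")

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The comparison catches both halves of the behaviour the alert describes: the dropped script shows up as a new executable file, and the clean-up shows up as a modified (here, emptied) log, even though the host's own logs no longer explain either. The check is only as trustworthy as the baseline, so the manifest must be taken from a known-good state and held off the box, and a hit should be followed by reviewing the flagged file rather than deleting it, since the file itself is evidence.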