元器件交易网讯  5月21日消息，据外媒报道，美国国土安全部（DHS）表示，黑客组织最近袭击了美国公用设施，破坏其控制系统网络，但没有证据表明公用设施系统受到影响。

　　工业控制系统机构网络应急响应小组（ICS-CERT）在本周发布的报告中指出，美国国土安全部没有确认此事。

　　美国国土安全部周二对路透社表示，确认有未经授权的访问，ICS-CERT能够处理受影响的实体，采取了缓解措施，确保他们的安全控制系统操作不受任何影响。

　　这样的网络攻击很少被ICS-CERT披露，通常其调查详细信息保密，鼓励企业与政府共享信息。公司往往不愿公开攻击事件，以避免造成潜在的负面效应。

　　最近，关于美国网络遭黑客袭击的话题已成为热点，美国还指控五名中国军官侵入美国公司窃取商业机密。

　　（元器件交易网董蕾 摘译）

　　外媒原文如下：

　　A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.

　　DHS did not identify the utility in a report that was issued this week by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

　　"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

　　Such cyber attacks are rarely disclosed by ICS-CERT, which typically keeps details about its investigations secret to encourage businesses to share information with the government. Companies are often reluctant to go public about attacks to avoid potentially negative publicity.

　　ICS-CERT said in the report posted on its website that investigators had determined the utility had likely been the victim of previous intrusions. It did not elaborate.

　　The agency said the hackers may have launched the latest attack through an Internet portal that enabled workers to access the utility's control systems. It said the system used a simple password mechanism that could be compromised using a technique known as "brute forcing," where hackers digitally force their way in by trying various password combinations.

　　Justin W. Clarke, an industrial control security consultant with security firm Cylance Inc, said it is rare for such breaches to be identified by utilities and even more rare for the government to disclose them.

　　"In most cases, systems that are so antiquated to be susceptible to such brute forcing technologies would not have the detailed logging required to aid in an investigation like this," Clarke said.

　　DHS also reported another hacking incident involving a control system server connected to "a mechanical device." The agency provided few details about that case, except to say the attacker had access over an extended period of time, though no attempts were made to manipulate the system.

　　"Internet facing devices have become a serious concern over the past few years," the agency said in the report.

　　Last year ICS-CERT responded to 256 cyber incident reports, more than half of them in the energy sector. While that is nearly double the agency's 2012 case load, there was not a single incident that caused a major disruption.

　　Those incidents include hacking into systems through Internet portals exposed over the Web, injecting malicious software through thumb drives, and exploitation of software vulnerabilities.