The first major physical damage caused by hackers occured in 2010 when the Stuxnet virus sabotaged uranium enrichment operations in Iran.
The report from Germany, which detailed and confirmed this attack, fails to elaborate on what the actual damage was, or on what the hackers were after. The attack took place on a not-identified steel mill with the attack leaving one of the mill’s furnaces “unable to shut down in a regulated manner”. It’s not clear if this was indeed intended or just a side-effect of the systems being hacked into.
The report also explains that the hackers gained control over critical systems by using a spear phishing attack and infiltrating the plant’s business network. After that they managed to get access to the production network. It goes on to say:
The know-how of the attacker was very pronounced not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes.