THE UNITED STATES Nuclear Regulatory Commission (NRC) has been hacked, according to a report, for the third time in three years.
A report at the US website Nextgov quotes an insider about internal investigations, and says that workers at the NRC have been targeted by spearphishing and Microsoft cloud attacks.
Two of the attacks on the NRC came from foreign parties. In one the hackers were able to break into an email account within the organisation and use it to spread malware internally, while in the other users were tricked into sharing information on a Google spreadsheet. A third attack is attributed to an unknown group.
NRC spokesman David McIntyre confirmed the assaults to Nextgov. "The NRC's computer security office detects and thwarts the vast majority of such attempts, through a strong firewall and reporting by NRC employees," he said.
"The few attempts documented [as] gaining some access to NRC networks were detected and appropriate measures were taken."
The security community has commented on the attack, and Zscaler Threatlabs said that while it is not surprising to see the NRC as a target, it is shocked by the method.
"In the cyber era of numerous state-sponsored targeted attacks with the motive of cyber espionage, surveillance, or sabotage, it is not very surprising that Nuclear Regulatory Commission (NRC) has been targeted multiple times," said Zscaler director of security research Deepen Desai.
"It is extremely concerning that these attacks involving a commonly used technique of spearphishing e-mails were successful on two occasions in the last three years. The sensitive information maintained by NRC will be of prime interest to some foreign states with the motives ranging from espionage [to] surveillance or sabotage." µ
Sign up for INQbot – a weekly roundup of the best from the INQ