HACKERS HAVE BEEN TARGETING US nuclear facilities, their suppliers and manufacturing plants using phishing methods, US authorities have said.
Last week the US Department of Homeland Security and the FBI released a joint report into recent attacks, including one on Kansas-based nuclear power station operator Wolf Creek Nuclear Operating Corporation. The report was obtained by the New York Times.
The networks of Wolf Creek and other key infrastructure companies were said to have been infiltrated. The attackers appeared to be on a reconnaissance mission, seeking to understand the workings of the networks, possibly laying the groundwork for a future assault.
The authorities blamed an "advanced persistent threat" actor for the activity, a term usually taken to mean a state-sponsored group.
However, quoting unnamed sources, the NYT says the methodology deployed by the attackers is similar to the modus operandi of the Russian group "Energetic Bear", which has been blamed for hacking energy facilities and other key targets, including financial institutions, since 2012.
In the recent wave of attacks, which began in May, the attackers deployed spear-phishing techniques, emailing fake CVs with a malware payload to senior control engineers authorised to access the industrial control systems. The malware was designed to harvest user credentials and passwords, the report says. Other techniques involved man-in-the-middle and watering hole attacks, using compromised legitimate websites known to be visited frequently by the targets.
While the joint DHS-FBI report carries an 'amber' threat warning, the industry appears to be downplaying the seriousness of the hackers' activities.
Nuclear Energy Institute spokesperson John Keeley said that nuclear facilities are required by law to report cyberattacks but that none of the 100 or so facilities covered by the Institute have said that their security was compromised.
Meanwhile, in a joint statement with the FBI, a spokesman for the Department of Homeland Security said, "There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks."
The US Department of Energy also said the impact appears limited to administrative and business networks.
"Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation's energy infrastructure seriously and respond accordingly," a spokesperson told Bloomberg.