Nuclear power facilities have been among the targets of multiple hacking attacks in the United States since May, disclosed in a joint report issued by the Department of Homeland Security and the FBI, the New York Times reports.
Other energy and manufacturing companies have been victim of the malware attacks, which have reportedly been in the form of spear phishing attempts on the personal computers of employees working for the plants. There is no evidence that the hacking attempts have penetrated control systems of the facilities themselves.
One such facility as identified in the report is a nuclear power plant in Burlington, Kansas, owned by the Wolf Creek Nuclear Operating Corporation. The company has said that the internal networks which actually keep the plant functioning are separate from the corporate network over which it conducts business.
The DHS-FBI report concludes that these hacks have been more like along the lines of a reconnaissance attempt to map out networks in advance of a possible future malicious attack.
Federal officials have assigned an “amber” level threat to these cyber intrusions, the second-highest in terms of severity. But “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the report said, according to the Times.
The report did not identify a specific group or individual responsible, but described the techniques as similar to those conducted by state-level actors. Hackers used emails targeting senior level engineers at the plant with fake resumes laden with malicious code.
The report comes on the heels of a massive cyber-attack that affected business and infrastructure around the world last week. Dubbed ‘Not Petya’ after its initial confusion with another malware worm, it shut down critical systems primarily in Ukraine and Russia.
Not Petya, among others which have caused widespread damage, are allegedly variants of cyber weapons originally developed by the National Security Agency for penetration on foreign targets, such as Iran’s nuclear power facilities. The WannaCry attack in May is also linked to stolen NSA digital weapons.
Featured image courtesy of Emmelie Callewaert - Wikipedia
Join our community. To comment on this article please join/login. Here's a sample of the comments on this post.
With the Indian Point reactor within an hour of Manhattan, Limerick reactor near Philly, and Salem/Hope in Jersey near Wilmington, DE along with a few others a little further off of the rte 95 middle eastern corridor, it could get a bit exciting if things took a bad turn. Better keep some potassium iodide in my cabinets in case some idiots manage to shut down the cooling systems. Three Mile Island was close enough.
There have been news reports lately about a surge in cyber attacks on the energy sectors and it's very worrisome. Even if they haven't done much damage yet, the fact that there are so many reports of stealthy cyber probing on power plants, electric grids and nuclear facilities is certainly concerning. The threat posed to our country by a possible attack on our power systems belongs at the top level of security importance as it could cause a huge disaster. I did not realize that these attacks are based on our own cyber weapons originally developed by the NSA! Is there no way to protect our digital weapons from being stolen by malicious sources? Very concerning! Thanks, Travis.