Hackers targeting US nuclear power plants

According to a report seen by The New York Times, Malware discovered in fake resumes aimed to steal engineers' credentials.

 

For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the US, according to a new report from federal law enforcement officials.

One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week by the FBI and Department of Homeland Security and described by The New York Times. The report carried an urgent amber warning, the second-highest rating for the severity of the threat, the Times reported.

Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks "one of the most serious national security challenges we must confront."

President Donald Trump signed an executive order in May designed to bolster the United States' cybersecurity by protecting federal networks, critical infrastructure and the public online. One section of the order focuses on protecting utilities grids like electricity and water, as well as financial, health care and telecommunications systems.

The government report didn't indicate whether the purpose of the cyberattacks was espionage or physical destruction, but researchers concluded that hackers appeared to be mapping computer systems for future attack. The origin of the attacks is also unclear, but sources told the Times that hackers' techniques resembled those used by a Russian hacking group known as Energetic Bear, which has been linked to attacks on the energy sector since 2012.

The report comes amid heightened concern that the Russian government hacked the US presidential election in November to ensure a victory for Republican Trump.
Hackers sent fake resumes containing malware to senior engineers who maintain broad access to critical industrial control systems, the government report said. When the recipients clicked on the documents, hackers could then steal their credentials, the Times reported.

A spokeswoman for the Wolf Creek Nuclear Operating Corporation declined to comment on the cyberattack but said there was "absolutely no operational impact" on the facility because corporate and operational networks are kept separate.

"The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet," Wolf Creek spokeswoman Jenny Hageman said in a statement. "The plant continues to operate safely."