FBI and DHS warn of targeted attacks on US Nuclear Facilities

Since May, APT actors have been penetrating the networks of US companies that operate nuclear facilities and that works in the energy industry.

According to a joint report issued by the Department of Homeland Security and the FBI published last week, since May, hackers have been penetrating the networks of businesses that operate nuclear power stations, manufacturing plants and energy facilities in the United States and other countries.

The Wolf Creek Nuclear Operating Corporation is one of the companies hit by hackers, it runs a nuclear power plant near Burlington, Kan.

The news was disclosed by The New York Times that obtained the report, the attack was also confirmed by security experts involved in the incident response procedures.

The document doesn’t provide information related to the motivation of the attacks (sabotage or cyber espionage), it is not clear if attackers were able to fully compromise the target network and access the control systems of the facilities.

The attackers appear as part of a reconnaissance activity of the target infrastructure aimed to gather information for future attacks.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” reads the joint statement from the FBI and the Department of Homeland Security,

“In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.” states The New York Times.

The experts have not doubt, the attackers belong to an “advanced persistent threat” group linked to a foreign government.

The attackers’ TTPs mimicked those of the APT groups that in the past targeted the energy industry, such as the Russian Energetic Bear APT group.

The hackers launched spear phishing attacks on senior industrial control engineers that have access to the critical industrial control systems in the target plants. The phishing emails messages containing fake résumés for control engineering jobs, they are weaponized Microsoft Word documents used by hackers to steal victims’ credentials and make lateral movements in the target networks.

The hackers also powered watering hole attacks compromising legitimate websites visited by the victims and used to deliver malware.

The Department of Homeland Security consider cyberattacks on critical infrastructure “one of the most serious national security challenges we must confront.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Nuclear Facilities, hacking)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.