APT

FBI and DHS warn of targeted attacks on US Nuclear Facilities

Since May, APT actors have been penetrating the networks of US companies that operate nuclear facilities and that works in the energy industry.

According to a joint report issued by the Department of Homeland Security and the FBI published last week, since May, hackers have been penetrating the networks of businesses that operate nuclear power stations, manufacturing plants and energy facilities in the United States and other countries.

The Wolf Creek Nuclear Operating Corporation is one of the companies hit by hackers, it runs a nuclear power plant near Burlington, Kan.

The news was disclosed by The New York Times that obtained the report, the attack was also confirmed by security experts involved in the incident response procedures.

The document doesn’t provide information related to the motivation of the attacks (sabotage or cyber espionage), it is not clear if attackers were able to fully compromise the target network and access the control systems of the facilities.

The attackers appear as part of a reconnaissance activity of the target infrastructure aimed to gather information for future attacks.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” reads the joint statement from the FBI and the Department of Homeland Security,

“In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.” states The New York Times.

The experts have not doubt, the attackers belong to an “advanced persistent threat” group linked to a foreign government.

The attackers’ TTPs mimicked those of the APT groups that in the past targeted the energy industry, such as the Russian Energetic Bear APT group.

The hackers launched spear phishing attacks on senior industrial control engineers that have access to the critical industrial control systems in the target plants. The phishing emails messages containing fake résumés for control engineering jobs, they are weaponized Microsoft Word documents used by hackers to steal victims’ credentials and make lateral movements in the target networks.

The hackers also powered watering hole attacks compromising legitimate websites visited by the victims and used to deliver malware.

The Department of Homeland Security consider cyberattacks on critical infrastructure “one of the most serious national security challenges we must confront.”

[adrotate banner=”9″]

Pierluigi Paganini 

(Security Affairs – Nuclear Facilities, hacking)

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

11 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

17 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.