The U.S. Nuclear Regulatory Commission (NRC) has been hacked three times over the course of the last three years according to a recently published NextGov report.


The report explains that hackers from an unnamed foreign country duped NRC employees into installing malware and clicking on phishing links in an attempt to secure log-in details. It's not clear exactly what the hackers were seeking to obtain beyond those details.

In one hack, at least 215 employees were targeted and, worryingly, 12 fell for it, clicking through to Google Docs spreadsheets to "verify their user accounts." Elsewhere, a phishing attack linked users through to malware hosted on OneDrive storage and a PDF attachment contained a JavaScript security vulnerability. Fortunately, the NRC has some measures in place for its dumb employees, and on these occasions immediately cleaned and changed the user profiles of those who clicked.


The NRC records and maintains detailed information about nuclear reactors, waste storage facilities and uranium processing plants across the U.S.—including security details and how radioactive materials are stored. In other words, it would be good if its servers weren't hacked. [NextGov via Threatpost]

Top image: Nuclear weapon test on Bikini Atoll in 1954. DOE