Since May, APT actors have been penetrating the networks of US companies that operate nuclear facilities and that works in the energy industry.

According to a joint report issued by the Department of Homeland Security and the FBI published last week, since May, hackers have been penetrating the networks of businesses that operate nuclear power stations, manufacturing plants and energy facilities in the United States and other countries.

The Wolf Creek Nuclear Operating Corporation is one of the companies hit by hackers, it runs a nuclear power plant near Burlington, Kan.

The news was disclosed by The New York Times that obtained the report, the attack was also confirmed by security experts involved in the incident response procedures.

The document doesn’t provide information related to the motivation of the attacks (sabotage or cyber espionage), it is not clear if attackers were able to fully compromise the target network and access the control systems of the facilities.

The attackers appear as part of a reconnaissance activity of the target infrastructure aimed to gather information for future attacks.

Wolf Creek officials haven’t commented the cyber attacks, it clarified that no “operations systems” had been affected and that their corporate network was not connected to the network that runs the plant. The investigators have not been able to isolate and analyze the malware used by attackers.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” reads the joint statement from the FBI and the Department of Homeland Security,

“In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.” states The New York Times.

The experts have not doubt, the attackers belong to an “advanced persistent threat” group linked to a foreign government.

The attackers’ TTPs mimicked those of the APT groups that in the past targeted the energy industry, such as the Russian Energetic Bear APT group.

The hackers launched spear phishing attacks on senior industrial control engineers that have access to the critical industrial control systems in the target plants. The phishing emails messages containing fake résumés for control engineering jobs, they are weaponized Microsoft Word documents used by hackers to steal victims’ credentials and make lateral movements in the target networks.

The hackers also powered watering hole attacks compromising legitimate websites visited by the victims and used to deliver malware.

The Department of Homeland Security consider cyberattacks on critical infrastructure “one of the most serious national security challenges we must confront.”

Pierluigi Paganini

(Security Affairs – Nuclear Facilities, hacking)

Share this...

Linkedin Reddit Pinterest

Share On