- SMB Spotlight
International Atomic Energy Agency (IAEA) systems have been infected with an unknown data-stealing malware.
IAEA director of public information Serge Gas confirmed to V3 that a number of computers connected to its systems had been infected with malware, but added that no data was affected or compromised.
"During [the] past months some computers operated by the IAEA have been infected by malware. Data from a number of Vienna International Centre visitors' USB drives is believed to have been compromised. The Secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further. No data from the IAEA network has been affected," he said.
He added that the agency has already taken appropriate measures to ensure its systems don't fall victim to a second attack. "All necessary measures are being taken to address the situation. Protecting information is vital to the IAEA's work. The Agency continuously endeavours to achieve the highest possible level of protection of information," he said.
The news follows widespread reports that hackers are increasingly focusing their efforts on critical infrastructure areas, such as power. Security tycoon Eugene Kaspersky revealed earlier this year that the notorious Stuxnet malware had "badly" infected a nuclear power plant in Russia.
Stuxnet is very different to the malware used in the attack on the IAEA. Originally discovered targeting Iranian nuclear plants in 2010, it is unusual as it has a sabotage rather than espionage focus. Security experts have since warned that Stuxnet's atypical nature and behaviour makes it difficult to track, and that it is likely to have infected several more nuclear power plants around the world.
Attacks on critical infrastructure are a growing issue facing governments. The heads of GCHQ, the Security Service (MI5) and Secret Intelligence Service (MI6) argued that they need PRISM-level data-monitoring powers to defend critical infrastructure areas from the cyber threats, during a briefing with the Intelligence and Security Committee (ISC) earlier in November.