All the latest UK technology news, reviews and analysis


Hackers break into Nuclear Regulatory Commission computers

19 Aug 2014
Hackers hit Nuclear Regulatory Commission with phishing attacks

Hackers have successfully infiltrated Nuclear Regulatory Commission (NRC) computers twice in the past three years, according to a leaked internal investigation report.

News of the breaches broke via Nextgov, which claims to have learned of the breaches after issuing open records requests to the NRC. At the time of publishing the NRC had not responded to V3's request for comment.

The report showed that the NRC was successfully hacked by two foreign attackers during one incident, and a single "unidentifiable individual" during the other.

One of the incidents saw the attacker mount a sophisticated phishing email campaign that targeted roughly 215 NRC employees, designed to steal their account login credentials. More than 12 NRC employees are listed as "taking the bait".

The campaigns also saw hackers attempt to trick employees into downloading malware hosted in a Microsoft SkyDrive account, via a malicious PDF file attachment.

It is unclear when the attacks occurred or what country the hackers came from. The report contains no information about whether the attacks were state sponsored and mounted by a cyber criminal gang, or launched by lone wolf hackers.

Attacks on critical infrastructure facilities are a growing threat facing governments and business of all sizes. Over the past year researchers have uncovered numerous fresh campaigns targeting power plants.

FireEye discovered a new variant of the Havex malware in July, which included a dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas.

Earlier in July the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) urged critical infrastructure firms to check their networks for signs of intrusion after another cyber attack tool was uncovered.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
24%
12%
7%
45%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Ass Director Sales Operations - Hotels (BKK) - Relocation Avail

Associate Director Sales Operations - Hotels (Bangkok...

Sales Coordinator - Client Services HU-Budapest

Fast track your career with a leading online Travel and...

Contract Service Manager / Project Manage, ITIL, South London

Contract Service Manager / Client focused Project Manager...

SEM / Search Marketing Executive (SEO/PPC) - West End Digital Agency

SEM / Search Marketing Executive (SEO/PPC) - West End...
To send to more than one email address, simply separate each address with a comma.