Hackers have been probing US nuclear facilities, their suppliers and manufacturing plants using phishing methods, the US authorities have said.
Last week the US Department of Homeland Security and the FBI released a joint report into recent attacks, including one on Kansas-based nuclear power station operator Wolf Creek Nuclear Operating Corporation. The report was obtained by the New York Times.
The networks of Wolf Creek and other key infrastructure companies were said to have been infiltrated. The attackers appeared to be on a reconnaissance mission, seeking to understand the workings of the networks, possibly laying the groundwork for a future assault.
The authorities blamed an "advanced persistent threat" actor for the activity, which is usually taken to mean a state-sponsored group.
However, quoting unnamed sources, the NYT says the methodology deployed by the attackers is similar to the modus operandi of the Russian group "Energetic Bear" which has been blamed for hacking energy facilities and other key targets including financial institutions since 2012.
In the recent wave of attacks, which began in May, the attackers deployed spear-phishing techniques, emailing fake CVs with a malware payload to senior control engineers authorised to access the industrial control systems. The malware was designed to harvest user credentials and passwords, the report says. Other techniques involved man-in-the-middle and watering hole attacks, using compromised legitimate websites known to be visited frequently by the targets.
While the joint DHS-FBI report carries an 'amber' threat warning, the industry appears to be downplaying the seriousness of the hackers' activities.
Nuclear Energy Institute spokesperson John Keeley said that nuclear facilities are required by law to report cyberattacks but that none of the 100 or so facilities covered by the Institute have said that their security was compromised.
Meanwhile in a joint statement with the FBI, a spokesman for the Department of Homeland Security said, "There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks."
The US Department of Energy also said the impact appears limited to administrative and business networks.
"Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation's energy infrastructure seriously and respond accordingly," a spokesperson told Bloomberg.
Sophisticated hackers, probably backed by nation states, have been implicated in many attacks on key infrastructure. An investigation into a freak power outage in Ukraine last December blamed it on a cyber attack. Meanwhile, security expert Bruce Schneier has warned that international actors appear to be probing the internet's underlying infrastructure, presumably to find out what would be needed to take it down.