Cyberattacks breached at least a dozen power plants, including nukes
- Author: Myrtle Hill, Jul 08, 2017, 0:18
It's not clear whether the hackers sought information or were gearing up for destruction, and there's no sign that the hackers were able to access the facilities' control systems, per the New York Times.
According to the New York Times, whose staff obtained the report, the hacking operation has been underway since May, and carries an "urgent amber warning".
Hackers breached at least a dozen US power plants in attacks in May and June, US media report, citing intelligence officials. Sources tell Bloomberg that the hackers appear to be searching for ways to disrupt America's electrical grid, and the chief suspect is Russian Federation, where hackers are believed to have taken down part of Ukraine's power system.
In the recent wave of attacks, which began in May, the attackers deployed spear-phishing techniques, emailing fake CVs with a malware payload to senior control engineers authorised to access the industrial control systems.
The Wolf Creek nuclear plant was accidentally named in the DHS and Federal Bureau of Investigation alert, called out because hackers had stolen a plant employee's computer credentials. The alert did say an "advanced persistent threat" actor was responsible, which suggests US officials believe the hackers are backed by a foreign government.
The New York Times reports that US officials suspect foreign governments, including Russian Federation, are behind the attacks.
A former DHS official told Bloomberg that the language used in the warning implied that the hackers were working to create backdoors to the power plant computer systems that they could exploit at a later date.
Among the companies targeted was the Kansas-based Wolf Creek Nuclear Operating Corporation, the report said.
According to the government report, the severity of the cyberattacks is still unclear, as is their motive.
Bloomberg also says an unnamed control system manufacturer was "recently" infiltrated in what may have been a related attack. Authorities say they are unsure.
The resumes were Microsoft Word documents that contained malicious code, which allowed attackers to steal the recipient's credentials once a document was opened.