Nuclear facility hacks remain fairly superficial for now, say DHS and FBI

A new report from The New York Times sheds some light on ongoing cyberthreats to U.S. nuclear facilities. According to the report, a number of manufacturing and energy facilities have been penetrated in attacks that began in May.

The Times obtained a joint DHS and FBI report which names Wolf Creek Nuclear Operating Corporation in Kansas as a specific target, though the story suggests that other facilities were also targeted. The joint FBI and DHS statement was categorized as an amber-level alert, marking it as “information [that] requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.”

In a statement to TechCrunch on behalf of both agencies, DHS clarified that the hackers have not penetrated these nuclear facilities beyond “administrative and business networks,” indicating that the deeper control systems that could cause system failure or other meaningful forms of disruption were not impacted. Network administration was also unaffected.

“The Department of Homeland Security and the Federal Bureau of Investigation are aware of a potential cyber intrusion affecting entities in the energy sector. There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” a DHS spokesperson told TechCrunch.

“In furtherance of public-private partnerships, the FBI and DHS routinely advise private industry of various cyber threat indicators in order to help systems administrators guard against the actions of persistent cyber criminals.”

While little is yet known about the entities or individuals behind the attacks, the hackers appear to target individual employees with an array of methods. One spear-phishing technique involved sending senior engineers falsified resumes in Microsoft Word that were tainted with malware. Other attacks used man-in-the-middle and watering hole methods to obtain the credentials of their intended victims without their knowledge.

The new report just goes to show that industrial and infrastructural facilities are hot targets these days. Just last week, Kaspersky Labs found that June’s suspected ransomware attack focused on oil, gas and manufacturing targets, likely to cause widespread disruption. That same malware also disabled Chernobyl’s automated radiation monitoring system, forcing it into manual mode.

While U.S. nuclear and energy facilities are increasingly aware of the cyberthreats to their systems, we can expect to see more hacks testing the limits of critical infrastructure systems, both in the U.S. and abroad.