The US Nuclear Regulatory Commission (NRC) was successfully hacked three times in the past three years, according to documents seen by Nextgov.com.
Two of the attacks are believed to have been carried out by foreign hackers, and another one by an unidentified individual. All three used phishing emails to compromise employee computers.
Attacks against critical national infrastructure are an increasingly important topic, with security experts warning that the number of such incidents will keep growing.
Details of the attacks were found in a report by NRC’s office of the Inspector General, obtained through a Freedom of Information request. In total, there were 17 suspected braches at NRC from 20010 to 2013. Three of them were successful, at least in getting into the agency’s network.
In one of the cases, phishing emails were sent to around 215 NRC employees and 12 were infected after clicking a link and logging into a fake website.
In another, attackers compromised a single work PC, and then used it to send further emails with a malware-ridded attachment across the organisation. According to the report, only one staff member was successfully tempted into opening the infected PDF document.
The commission spokesman David McIntyre told Nextgov that every NRC employee is required to complete annual cyber training that deals with phishing and other attempts to obtain illicit entry into agency networks.
Security researchers from FireEye suggest that the breaches could be the work of a state-sponsored hacker group, since average cyber criminals would have little interest in nuclear watchdog’s data.
The energy sector is thought to present a particularly critical target to a certain kind of attacker, since disrupting its digital systems would have a direct impact on the physical world.
In May, the US Department of Homeland Security warned organisations running Industrial Control Systems (ICS) that an unnamed utility service was compromised, although its operations were not affected. Last year, “sophisticated” malware kept a US power plant out of commission for three weeks.
In February, business secretary Vince Cable met with the representatives of the UK’s financial, water, energy, communications and transport sectors to highlight the need to protect critical national infrastructure against Internet-based attacks.
What do you know about famous hackers? Take our quiz!
Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…
Shares in Donald Trump’s social media company rose about 16 percent after first day of…