X

Hackers targeting US nuclear power plants, report finds

Malware discovered in fake resumes aimed to steal engineers' credentials, according to a report seen by The New York Times.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

The Wolf Creek Nuclear Power Plant near Burlington, Kansas, was one of the facilities identified as targeted by hackers.

Wichita Eagle

For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the US, according to a new report from federal law enforcement officials.

One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week by the FBI and Department of Homeland Security and described by The New York Times. The report carried an urgent amber warning, the second-highest rating for the severity of the threat, the Times reported.

Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks "one of the most serious national security challenges we must confront."

President Donald Trump signed an executive order in May designed to bolster the United States' cybersecurity by protecting federal networks, critical infrastructure and the public online. One section of the order focuses on protecting utilities grids like electricity and water, as well as financial, health care and telecommunications systems.

The government report didn't indicate whether the purpose of the cyberattacks was espionage or physical destruction, but researchers concluded that hackers appeared to be mapping computer systems for future attack. The origin of the attacks is also unclear, but sources told the Times that hackers' techniques resembled those used by a Russian hacking group known as Energetic Bear, which has been linked to attacks on the energy sector since 2012.

The report comes amid heightened concern that the Russian government hacked the US presidential election in November to ensure a victory for Republican Trump.

Hackers sent fake resumes containing malware to senior engineers who maintain broad access to critical industrial control systems, the government report said. When the recipients clicked on the documents, hackers could then steal their credentials, the Times reported.

A spokeswoman for the Wolf Creek Nuclear Operating Corporation declined to comment on the cyberattack but said there was "absolutely no operational impact" on the facility because corporate and operational networks are kept separate.

"The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet," Wolf Creek spokeswoman Jenny Hageman said in a statement. "The plant continues to operate safely."

Solving for XX: The industry seeks to overcome outdated ideas about "women in tech."

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.