U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

APT

FBI and DHS warn of targeted attacks on US Nuclear Facilities

Since May, APT actors have been penetrating the networks of US companies that operate nuclear facilities and that works in the energy industry. According to a joint report issued by the Department of Homeland Security and the FBI published last week, since May, hackers have been penetrating the networks of businesses that operate nuclear power stations, manufacturing […]

FBI and DHS warn of targeted attacks on US Nuclear Facilities

Since May, APT actors have been penetrating the networks of US companies that operate nuclear facilities and that works in the energy industry.

According to a joint report issued by the Department of Homeland Security and the FBI published last week, since May, hackers have been penetrating the networks of businesses that operate nuclear power stations, manufacturing plants and energy facilities in the United States and other countries.

The Wolf Creek Nuclear Operating Corporation is one of the companies hit by hackers, it runs a nuclear power plant near Burlington, Kan.

nuclear facilities Wolf Creek Nuclear Operating Corporation

The news was disclosed by The New York Times that obtained the report, the attack was also confirmed by security experts involved in the incident response procedures.

The document doesn’t provide information related to the motivation of the attacks (sabotage or cyber espionage), it is not clear if attackers were able to fully compromise the target network and access the control systems of the facilities.

The attackers appear as part of a reconnaissance activity of the target infrastructure aimed to gather information for future attacks.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.” reads the joint statement from the FBI and the Department of Homeland Security,

“In most cases, the attacks targeted people — industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks who could not be named because of confidentiality agreements.” states The New York Times.

The experts have not doubt, the attackers belong to an “advanced persistent threat” group linked to a foreign government.

The attackers’ TTPs mimicked those of the APT groups that in the past targeted the energy industry, such as the Russian Energetic Bear APT group.

The hackers launched spear phishing attacks on senior industrial control engineers that have access to the critical industrial control systems in the target plants. The phishing emails messages containing fake résumés for control engineering jobs, they are weaponized Microsoft Word documents used by hackers to steal victims’ credentials and make lateral movements in the target networks.

The hackers also powered watering hole attacks compromising legitimate websites visited by the victims and used to deliver malware.

The Department of Homeland Security consider cyberattacks on critical infrastructure “one of the most serious national security challenges we must confront.”

[adrotate banner=”9″]

Pierluigi Paganini 

(Security Affairs – Nuclear Facilities, hacking)

[adrotate banner=”13″]