The Nuclear Regulatory Commission (NRC), the US government agency that monitors US nuclear reactors and weapons-grade nuclear materials, was hacked by unknown attackers, the commission confirmed in an e-mail statement to ValueWalk.
Nuclear Regulatory Commission reports no damage or document leaks
The Nuclear Regulatory Commission’s Computer Security Office detects and thwarts the vast majority of such hacking attempts and is said to have been successful against these most recent attempts. No damage to NRC systems was reported, and no classified documents were taken. The few attempts that gained some access to NRC networks, documented by the NRC’s Computer Security Office and detailed in an Office of the Inspector General’s Cyber Crimes Unit report, were detected and “appropriate measures were taken,” according to the NRC statement.
At issue most recently were approximately 215 NRC employees who received “phishing e-mail,” bogus messages intended to persuade employees with classified clearance for the computer system to divulge sensitive information. The NRC acknowledges that at least 12 employees clicked on a link in the phishing e-mail, which took them to a Google Spreadsheet that requested sensitive information. It is unknown what the 12 employees actually entered on the spreadsheet, but because they had clicked on the link, the NRC cleaned their systems and changed their user profiles.
Nuclear Regulatory Commission employee’s personal e-mail account compromised
One Nuclear Regulatory Commission employee’s personal e-mail account was compromised and used to send a malicious e-mail to 16 NRC employees, the NRC confirmed. Only one of the 16 recipients opened the e-mail and its attachment; that employee’s computer became infected and was replaced.
When the OIG subpoenaed the Internet Service Provider (ISP) for records regarding the NRC employee’s compromised personal e-mail account, it learned that the ISP had no log records for that date that were relevant to this incident, since the ISP had destroyed the logs, the Nuclear Regulatory Commission’s Scott Burnell said.
Speculation in press reports indicated that a foreign government or nation state might be behind the attack.
“An organization like the NRC would be a target for nation states seeking information on vulnerabilities in critical infrastructure,” Richard Bejtlich, chief security strategist for cybersecurity company FireEye Inc (NASDAQ:FEYE), was quoted as saying.
“Clearly, the spearphishing is a technique that we’ve seen the Chinese and the Russians use before,” Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, said in the report. “Using the general logic, a nation state is going to be more interested in the NRC than you would imagine common criminals would be.”