By SecureWorld News Team
Fri | Jul 7, 2017 | 1:28 PM PDT

The Department of Homeland Security and the FBI have released a joint statement and amber alert involving an ongoing spear-phishing scheme targeting U.S. nuclear power plants, The New York Times reports.

An amber alert is the second-highest warning that the FBI can issue in terms of threat sensitivity.

Among those targeted is the Wolf Creek Nuclear Operating Corporation outside of Burlington, Kansas. Representatives from the plant have said that so far no operating systems have been affected, and that the nuclear plant network is kept separate from their corporate network.

A spokesperson for the joint report said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

So, what's going on then?

The New York Times reports that hackers were targeting senior industrial control engineers by sending them resumes containing malicious Microsoft Word documents, in hopes of gaining their administrative credentials.

If those credentials were obtained, hackers would have control over parts of the system that would allow them to cause spills, fires, or explosions.

However, the report concluded that the cyber criminals were seemingly after network plans to prepare for a possible future attack, but were unable to jump across the air-gapped networks.

These particular attacks began in May of this year.

Paul Edon, Director of International Customer Services at Tripwire, said, “For any business that has an industrial control system footprint, whether in manufacturing, transportation or energy, now is the time to evaluate how the environment is being secured. Failure to do so could result in a devastating attack, which could cause serious damage or even endanger public safety.”

While DHS and the FBI have so far been unable to determine who's behind these attacks, some researchers have pointed out similarities to Energetic Bear, a Russian hacking group that is known to have been targeting U.S. infrastructure since 2012.

After recent attacks on Ukrainian and Russian critical infrastructure, including the Chernobyl nuclear power plant, it's more important than ever to maintain good cybersecurity hygiene on our networks.
