Hackers have been breaking into U.S. power plant networks, including a nuclear facility, since May

Shown are cooling towers at the Three Mile Island nuclear power plant in Middletown, Pennsylvania.

Image: AP/REX/Shutterstock

Someone is creeping around the digital infrastructure of United States power plants, including a nuclear facility.

Hackers have been breaking into the administrative computer networks of U.S. plant operators since May, using tactics associated with a well-known Russian group, according to The New York Times.

Those tactics include phishing attempts, such as crafting engineers’ resumes with dangerous code embedded in the documents, as well as infecting sites commonly accessed by employees of the place they’re trying to compromise.

According to Bloomberg, Russia is a “chief suspect” in the hacking attempts.

The hacks themselves have had mixed results. While the hackers have succeeded in some ways, accessing computers of employees who work at power and nuclear facilities, they have so far failed in a larger sense, as they’ve been unable to access operating systems of the plants themselves. The computer networks that employees use to send emails and perform other tasks are not usually the same networks on which plants run.

“There was absolutely no operational impact to Wolf Creek (the nuclear plant breached in the hacks). The reason that is true is because the operational computer systems are completely separate from the corporate network,” Jenny Hageman, a spokesperson for Wolf Creek, told Bloomberg News.

Still, despite being unable to break into U.S. plants’ operating systems, the general concern about plant hacking isn’t negligible. If the Russian government is indeed coordinating the hacking attempts, it could signal potential successful hacks in the future, on a much larger scale. Russian hackers have already caused havoc in the Ukrainian electrical grid at least twice since 2015. With the recent hacking attempts against the U.S., Russian hackers might be poking around for ways to access a backdoor in the operating system of certain power plants so they can barge in and take control when they feel the time is right.

Nuclear plants have backup generators that make them difficult to simply knock out, according to Bloomberg, but the U.S. should be the first nation to understand that this doesn’t mean a cyber weapon can have no physical impact on the integrity of a nuclear facility.

Nearly a decade ago, the U.S. and Israeli governments built a cyberweapon called Stuxnet that wrecked Iranian nuclear centrifuges and threw Iran’s nuclear enrichment program into disarray. 

These new hacking attempts targeting U.S. power plants are far less sophisticated than Stuxnet. What’s happened since May isn’t a “cyberattack” so much as it is a hack.

But if the hacks turn into attacks, it’s not like there wasn’t any evidence foreshadowing what was to come.
