Kansas nuclear operator is victim in hacking spree: Bloomberg

CERT-LatestNews ThreatsCybercrime ThreatsEconomic ThreatsStrategic Uncategorized

By Jim Finkle

Hackers recently breached a Kansas nuclear power operator as part of a campaign that breached at least a dozen U.S. power firms, Bloomberg News reported on Thursday, citing current and former U.S. officials who were not named.

The Wolf Creek nuclear facility in Kansas was breached in the attack, according to Bloomberg.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said in an email to Reuters.

The report identified the first known victims of a hacking campaign targeting the power sector that was first reported by Reuters on June 30. The attacks were described in a confidential June 28 U.S government alert to industrial firms, warning them of a hacking campaign targeting the nuclear, power and critical infrastructure sectors.

The U.S. Department of Homeland Security and Federal Bureau of Investigation said that hackers had succeeded in compromising networks of some targets, but did not name victims. The government also released a 30-page bulletin with advice on how firms could bolster security to defend against the attacks.

The alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and the FBI issued a statement to Reuters late on Thursday saying that the alert was part of an ongoing effort to advise industry of cyber threats.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the agencies said.

A nuclear industry spokesman told Reuters on Saturday that hackers have never gained access to a nuclear plant.

The Homeland Security technical bulletin included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

(Reporting by Jim Finkle in Toronto; Additional reporting by Dustin Volz in Washington; Editing by Bernard Orr)

Next In Cyber Risk