FBI-DHS “amber” alert warns energy industry of attacks on nuke plant operators
The Department of Homeland Security and FBI have issued a joint report providing details of malware attacks targeting employees of companies that operate nuclear power plants in the US, including the Wolf Creek Nuclear Operating Corporation, the New York Times reports. The attacks have been taking place since May, as detailed in the report issued by federal officials last week that was sent out to industry.
The “amber” alert to industry—the second highest level of severity for these types of reports from the FBI and DHS—noted that the attacks had been focused on employees’ personal computers but had not managed to jump to control systems. Administrative computers and reactor control systems in most cases are operated separately, and the control networks are generally “air-gapped”—kept disconnected from networks that attach to the Internet.
There is no evidence that information on plant operations was exposed. FBI and DHS analysts have not been able to determine the nature of the malware planted by the attempted hacks, which used a “spear-phishing” campaign targeting senior industrial control engineers at nuclear facilities. The tailored e-mails contained fake résumés, and appeared to be from people seeking control engineering jobs, according to the report seen by the Times.