Russian hackers target US nuclear research labs – Digital Journal


The nuclear power plant at Cattenom, France, is the 12th largest in the world. Source – Gralo, CC SA 3.0.

Recent international news on the cybersecurity front indicates that Russian hackers have been targeting US nuclear research labs.

News sources indicate that Argonne, Brookhaven and Lawrence Livermore National Laboratories were targeted by the group, known as Cold River.

Internet records show the hackers’ attempts to create fake login pages for the three labs. The threat actors then emailed nuclear scientists in an effort to trick them into revealing their passwords on those pages.

According to Adam Meyers, senior vice president of intelligence at US cybersecurity firm CrowdStrike: “This is one of the biggest hacker groups you’ve never heard of. They are involved in direct support of the Kremlin’s information operations.”

Analyzing the importance of the activity for Digital Journal is Itay Glick, vice president of products for OPSWAT, a global firm involved in critical infrastructure protection cybersecurity.

According to Glick, the issue demonstrates the many sides the international conflict is taking: “The Cold River campaign against US nuclear facilities was likely cyberespionage, as it directly correlates to geopolitical conflicts, as do other activities of this group.”

As for seriousness, Glick explains: “We often hear how nuclear facilities are put at risk of attack through the use of USB and transient devices that can bypass air-gapped networks, or through remote access to engineering and HMI workstations, such as the 2015 BlackEnergy attack on the Ukrainian power grid.”

On December 23, 2015, the power grid of two western Ukrainian provinces was hacked. This cyberattack caused power outages for 230,000 people in Ukraine for a period of between 1 and 6 hours. The cyberattack took place during the ongoing Russo-Ukrainian war (2014-present). The attack was attributed to a Russian advanced persistent threat group called “Sandworm”.

As for the mode of attack, Glick notes that the Cold River campaign took advantage of what remains one of the most common attack vectors: email. In his words: “Hackers created fake login pages for each facility, attempting to get staff to log in and reveal their passwords, with the goal of obtaining scientific information about the US nuclear manufacturing process.”

Underlying the attack is a broader vulnerability. According to Glick: “With increased connectivity between IT and OT, we can expect to see advanced adversary groups attacking OT/ICS to interfere with our way of life.”

There are measures that can be taken to strengthen defenses. Glick identifies them as: “Incidents like the Cold River campaign can be mitigated through a prevention-based approach, including the use of email security solutions that leverage data sanitization, advanced threat prevention like multiscanning, and anti-phishing with IP, domain and URL reputation checks.”
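The lure described earlier (fake login pages reached through email) and the mitigation just quoted (anti-phishing with domain and URL reputation checks) can be illustrated with a small mail filter. The code below is an added example, not code from the article, from Digital Journal or from OPSWAT: it parses a message, extracts every link, and classifies each link host and the sender domain as trusted, blocklisted, look-alike or unknown. The trusted list uses the three labs’ public domains (anl.gov, bnl.gov, llnl.gov) as an assumed set of legitimate login hosts; the blocklist entry and both sample messages are constructed for the example.

```python
"""Flag e-mails that steer recipients to look-alike login pages.

Added example, not code from the article, Digital Journal or OPSWAT. It
parses a message, extracts every link, and checks link hosts and the sender
domain against trusted domains plus a small reputation blocklist.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Public domains of the three labs named in the article; assumed here to be
# the only legitimate login hosts (replace with your own organisation's).
TRUSTED_DOMAINS = {"anl.gov", "bnl.gov", "llnl.gov"}
# Constructed stand-in for an IP/domain/URL reputation feed.
BLOCKLISTED_DOMAINS = {"known-bad.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of a host; adequate for the .gov/.example samples."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'trusted', 'blocklisted', 'lookalike' or 'unknown' for a host."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted"            # the real site or a genuine subdomain of it
    if reg in BLOCKLISTED_DOMAINS:
        return "blocklisted"
    for trusted in TRUSTED_DOMAINS:
        org = trusted.split(".")[0]  # e.g. "llnl"
        # Trusted name reused under someone else's domain (llnl.gov.x.example)
        # or embedded in the registrable label (llnl-login.example).
        if host.startswith(trusted + ".") or org in reg.split(".")[0]:
            return "lookalike"
        if edit_distance(reg, trusted) <= 1:  # typosquat such as lln1.gov
            return "lookalike"
    return "unknown"


def extract_links(raw_email: str) -> list:
    """Collect URLs from every text part of an RFC 5322 message."""
    urls = []
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = part.get_payload(decode=True) or b""
        text = body.decode(part.get_content_charset() or "utf-8", "replace")
        urls.extend(u.rstrip(".,;)") for u in URL_RE.findall(text))
    return urls


def analyze_email(raw_email: str) -> dict:
    """Per-link and sender verdicts plus a quarantine decision."""
    sender = parseaddr(message_from_string(raw_email).get("From", ""))[1]
    sender_verdict = classify_host(sender.rsplit("@", 1)[-1])
    links = []
    for url in extract_links(raw_email):
        host = urlparse(url).hostname or ""
        links.append({"url": url, "host": host, "verdict": classify_host(host)})
    bad = {"lookalike", "blocklisted"}
    quarantine = sender_verdict in bad or any(f["verdict"] in bad for f in links)
    return {"sender": sender_verdict, "links": links, "quarantine": quarantine}


# Constructed sample messages, not real mail from the incident.
SAMPLE_LURE = """\
From: IT Security <helpdesk@llnl-login.example>
Subject: Action required: password expiry
Content-Type: text/plain; charset=utf-8

Your password expires today. Confirm your identity at
https://llnl-login.example/sso within 24 hours.
Policy reference: https://www.llnl.gov/
"""

SAMPLE_BENIGN = """\
From: Colleague <someone@anl.gov>
Subject: Meeting notes
Content-Type: text/plain; charset=utf-8

Slides are posted at https://www.anl.gov/ as discussed.
"""

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, analyze_email(raw))
```

The look-alike heuristics are deliberately simple (a trusted name used as a subdomain of another domain, embedded in the registrable label, or one edit away from it); a production filter would add a real reputation feed and a public-suffix list in place of the two-label `registrable_domain` helper.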
