US officials have concluded that hackers working on behalf of a foreign power recently breached at least a dozen US nuclear power sites, Bloomberg reported on Thursday.
Bloomberg cited multiple US sources who said they had zeroed in on Russia as the primary suspect behind the most recent attacks, including one at Kansas’ Wolf Creek nuclear facility.
Officials believe the attacks may be related to a separate hack that happened late last month, in which unidentified hackers infiltrated the business-associated end of the power plant. The name and location of that site were not released, but E&E News reported that federal investigators were looking into cyberattacks on multiple facilities at the time.
When reached for comment about the latest hacks, government officials and a spokesperson for Wolf Creek said the operational side of its network had not been affected.
“There was absolutely no operational impact to Wolf Creek,” Jenny Hageman, a spokeswoman for the nuclear plant, said in a statement to Bloomberg News. “The reason that is true is because the operational computer systems are completely separate from the corporate network.”
But the hacks have raised red flags for investigators who worry Russia may be gearing up to levy an attack against the US power grid. If that were the case, it would fit into a pattern adopted by Russia in the past, particularly as it relates to Ukraine.
In 2015, a massive cyberattack leveled against the country’s power grid cut electricity to almost 250,000 Ukrainians. Cybersecurity experts linked the attack to IP addresses associated with Russia. Since then, Wired magazine’s Andy Greenberg reported, Ukraine has seen a growing crisis in which an increasing number of Ukrainian corporations and government agencies have been hit by cyberattacks in a “rapid, remorseless succession.”
Ukraine is now host to what may turn into a full-blown cyberwar, Greenberg reported. Two separate attacks on the country’s power grid were part of what Greenberg called a “digital blitzkrieg” waged against it for the past three years, which multiple analysts have connected to Russian interests.
With respect to the recent cyberattacks on US nuclear facilities, the Department of Homeland Security and Federal Bureau of Investigation said they were aware of the intrusions.
“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the agencies said in a statement.
But cybersecurity experts say that once a system is breached in any way — even if it’s not on the operational side — nuclear safety could be at risk down the road.
“If a nuclear power facility is attacked on the business side, that might actually serve as a way of information-gathering” for hackers, Paulo Shakarian, founder of the cybersecurity firm CYR3CON, told Business Insider. In some cases, hackers will try to “see if, by reaching that system, they can get more insight into what the facility is using on the operational side,” Shakarian said.
Though nuclear power providers have rigorous practices in place to divide business and nuclear operations in their networks, experts say an attack on one could inform an attack on the other.
Greg Martin, the CEO of cybersecurity firm JASK, said that while it was “wonderful” that network segmentation prevented hackers from being able to attack critical infrastructure directly, “the business side has tons of information about the more vulnerable infrastructure side of these types of plants.”
That information can include emails; communications involving design plans; information about security assessments; emails or documents that contain passwords; and more. Martin echoed Shakarian’s assessment and added that some information that can be gleaned from a breach like this can open up a window that “can be used to set up for future, more damaging attacks just based on the proprietary information they’re able to steal.”
These latest suspicions towards Russia come on the heels of a colossal cyberattack that crippled countries and corporations across the globe, which cybersecurity experts said Russia may have perpetrated.
Russia was also found to have hacked the 2016 US election in an effort to damage then-candidate Hillary Clinton’s campaign and tilt the election in favour of Donald Trump. Russia has so far denied all the charges against it.