The FBI and the Department of Homeland Security issued a code amber warning, the second-highest threat level, discussing the hackers targeting a number of companies that run energy facilities, including nuclear power facilities.
It’s not known whether the hackers were attempting to steal industrial secrets or if they’re trying to cause damage to the systems or the plants themselves, but a representative at Wolf Creek Nuclear Operating Corporation, a company named in the report, said that the only systems impacted were on the administrative and business side. There was, said the representative, no public safety threat.
While the exact source of the hack is not known, the report’s language seems to point to a group backed by some foreign government or another. Sources familiar with the hack say that the processes used to infiltrate Wolf Creek were similar to a Russian hacking group known as Energetic Bear, which has been cyberattacking the energy sector for several years now.
The techniques used involve sending code-laced fake resumes in Microsoft Word documents and hacking websites known to be visited by the targets or redirecting traffic from legit websites to fake ones that then infect the visitor’s computer.
The biggest fear is that a hacker would be able to take over SCADA, which stands for Supervisory Control and Data Acquisition. SCADA is used by operators to control and diagnose the operations of the plant, such as flow rates and pressure. Taking over SCADA could allow a hacker to do physical damage to a plant, and when a nuclear power plant suffers damage, very bad things can happen.