The New York Times and Bloomberg both claim that Russian hackers have been attempting to infiltrate America's nuclear power industry. The infiltrations themselves have been public knowledge since last week, but now fingers are being pointed towards the usual suspects. Unlike Stuxnet, a worm that specifically targeted nuclear facilities, this program was not intended to take down the plants themselves. Instead, malware was used in an attempt to infiltrate the corporate networks of the companies that run the power plants.
Or said more simply: phishing emails are lightyears removed from "what about Stuxnet" arguments. It's simply otherworldly in comparison.
— Robert M. Lee (@RobertMLee) July 7, 2017
On one hand, that's good, because it means there's no obvious, immediate threat to life and limb, nor the risk of every nuclear reactor suddenly switching itself off. On the other, the hackers reportedly sent malware-laden CVs to key employees who have access to critical nuclear systems. The intention is either to watch those systems for intelligence gathering, or to obtain credentials that could be used in a later breach. It's a method that certain anonymous experts have told the Times matches the MO of the Russian hacking group Energetic Bear.
Very important correx: Hit with malware that appears to serve as surveillance to set up potential further attacks.
This matters for norms. https://t.co/1R2lSfvIND
— emptywheel (@emptywheel) July 7, 2017
2017 is shaping up to be a very big year in the not-so-cold war between nation-state-level hackers and the countries they target. We've already seen the NotPetya worm take down systems in the US, Russia, Europe and Ukraine, as well as malware attacks like WannaCry. Private sector attacks are also on the increase, with big names like Chipotle, OneLogin and the companies that make voting machines among the victims. Let's hope that the White House's initiative to harden the US against cyber intrusion is successful; otherwise this will remain a threat.