US warns businesses of hacking campaign against nuclear, energy firms
Hackers use ‘phishing’ emails to ‘harvest credentials’
TORONTO: The US government this week warned American industrial firms about hacking activity targeting the nuclear and energy sectors, a security report seen by Reuters on Friday said, the latest event to highlight the power industry’s vulnerability to cyberattacks.
Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, the joint report from the US Department of Homeland Security and FBI said.
The report said that in some cases hackers succeeded in compromising the networks of their targets, though it did not identify specific victims of the campaign.
“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.
Homeland Security and FBI officials could not be reached for comment on the report, which was dated June 28.
Energy firms have become increasingly concerned about the threat from hackers following cyberattacks that cut power to Ukraine in 2015 and 2016.
The energy industry news site E&E News reported on Tuesday that US investigators were looking into cyber intrusions this year at multiple nuclear power generators,
Reuters has not confirmed details of that report, which said that there was no evidence safety systems had been compromised at the affected plants. It was not immediately clear whether those incidents were related to the hacking activity described by the FBI and Homeland Security.
The report provided technical details to help firms identify whether they had been compromised and information on how to defend against the hacking campaign.