Numerous hackers have accessed the computers of the Nuclear Regulatory Commission (NRC), a firm which has records about the position and condition of all nuclear reactors-including weapons-grade reactors-in the United States, NextGov reports.
Foreign forces are believed to have hacked the commission twice within the last three years. “An unidentifiable individual” compromised NRC systems too, as outlined by an internal investigation acquired by NextGov.
The three attacks emerged via various vectors. Initially, an extensive phishing campaign sent an e-mail with a malicious link to more than 200 NRC staffers. Several employees visited the link that persuaded staff to enter their workplace account information.
Spearphishing, targeting of particular people with malicious links, have also been effectively utilized as a weapon when an employee opened an attachment binded with malware. Investigators did not name the countries attacked.
Following the attack, a hacker took control of the private email account of an NRC staffer. It was utilized to send emails to another 16 staffers with malicious PDF attachments that infected one employee who opened the document.
The Inspector General Cyber Crime Unit was not able to find out the individual, NextGov reports, because the Internet Service Provider’s “logs had been destroyed,” commission spokesman David McIntyre told NextGov.
It is not clear if data was compromised, or if foreign powers are responsible.