
Idaho National Laboratory Suffers Data Breach, Employee Data Compromised


Idaho National Laboratory, the nuclear energy testing lab that comprises an estimated 5,700 experts, has recently suffered a major data breach in its systems.

The data breach took place last Sunday, on November 19. The stolen data comprises critical data on the laboratory’s employees, which was later leaked on online forums.

The investigation into the breach is being carried out by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, who are working in collaboration with INL, a spokesperson said. Physical addresses, bank account details, and Social Security numbers are among the data affected.

In an interview regarding the incident, the spokesperson told local news outlet EastIdahoNews.com that the breach impacted INL’s Oracle HCM system, a cloud-based workforce management platform that offers payroll and other HR solutions.

SiegedSec, a self-proclaimed hacktivist group, has since claimed responsibility for the attack and published a sample of the stolen employee data on their data breach forum. The sample included full names, dates of birth, email addresses, contact details and other identifying information of INL employees.

The group, which seems to have political motivations, was also accused in the past of stealing information from the Communities of Interest Cooperation Portal, an unclassified information-sharing portal run by NATO.

However, INL has not indicated that the breach had any impact on its classified information or nuclear research, and CISA did not immediately respond to a request for comment.

Regardless of whether the classified nuclear details were accessed by the threat actors, Colin Little, security engineer at the cybersecurity firm Centripetal, said it is "highly disconcerting that the staff generating that intellectual property and participating in the most advanced nuclear energy research and development have had their information leaked online."

"Now those who are politically motivated and would very much like to know the names and addresses of the top nuclear energy researchers in the U.S. have that data," he said. 

INL supports large-scale initiatives from the Department of Energy and the Department of Defense. The laboratory bills itself as "a world leader in securing critical infrastructure systems and improving the resiliency of vital national security and defense assets."

Objectives for Ransomware Attack Against Nuclear Contractor Sol Oriens Remain Unknown

 

New Mexico-based government contractor Sol Oriens was attacked by the Russian REvil ransomware group, sparking worries in the national security community because of the company's work with the Department of Energy's National Nuclear Security Administration.

However, the motives for the attack remain unknown. Sol Oriens confirmed it was targeted in May, according to CNBC's Eamon Javers, and the corporation stated that no sensitive or important security-related material was compromised. The company's website remained down as of Friday, and Mother Jones reported that it had been down since June 3. Sol Oriens has not yet confirmed whether the attack was ransomware.

According to Michael DeBolt, senior vice president of intelligence at Intel 471, Sol Oriens was targeted by REvil, the same group that was accused of targeting meat manufacturer JBS. 

“From the REvil blog, all indications are that Sol Oriens was a target of opportunity, and not of design tied to some state-sponsored entity,” DeBolt stated. 

“However the sensitive nature of this particular victim did not elude the REvil operators and affiliates responsible for the attack. In fact, they explicitly threatened to reveal ‘documentation and data to military agencies of our choice [sic]’ and shared proof by way of screenshots on their name and shame blog. Even so, these actors primarily remain financially motivated.” 

According to Gary Kinghorn, senior director of marketing and alliances at Tempered Networks, the vulnerability of the information in this breach appears to be less than catastrophic if it was restricted to personal information and contacts, but there's no way of knowing if it went further than that. The goals of this attack, according to Kinghorn, are clearly useful to geopolitical opponents, and enterprises must be aware of the immense sophistication and resources behind these operations, regardless of purpose. 

Kinghorn added, “Organizations, particularly those holding DoE-class information and secrets, have to realize that yesterday’s security tools are no longer enough and are too error-prone to justify.” 

“The National Security Agency has already strongly suggested that government agencies move to zero trust and even ensure encryption of all data in motion. These advanced steps can effectively make networks unhackable. However, right now, organizations are still weighing the costs and ROI until they get exposed like this to make changes.”

Child Tweets Gibberish from US Nuclear Agency Account

 

An unintelligible tweet sent out last weekend from the official account of U.S. Strategic Command, which is in charge of the nation’s nuclear arsenal, left many in shock. Some jokingly said the cryptic tweet, “;l;;gmlxzssaw,” was a US nuclear launch code, and some even thought it was a message to political conspiracists.

Now U.S. Strategic Command has revealed that it was the young child of the account’s social media manager who accidentally tweeted from the official account; the tweet was deleted within minutes. Many people, including Mikael Thalen, a journalist with the Daily Dot, saw this tweet as an attack on the country’s nuclear arsenal. He decided to file a Freedom of Information Act (FOIA) request to get answers.

“Filed a FOIA request with U.S. Strategic Command to see if I could learn anything about their gibberish tweet yesterday. Turns out their Twitter manager left his computer unattended, resulting in his ‘very young child’ commandeering the keyboard,” Thalen wrote on his Twitter account. 

“The command’s Twitter manager…momentarily left the command’s Twitter account open and unattended. His very young child took advantage of the situation and started playing with the keys and unfortunately, and unknowingly, posted the tweet. Absolutely nothing nefarious occurred, i.e., no hacking of our Twitter account. The post was discovered and notice to delete it occurred telephonically,” U.S. Strategic Command responded. 

According to a report published by Kaspersky security researchers, remote workers can be more vulnerable to outside attacks, which was proved in this instance. “Lockdown has been a stressful time for everyone…without additional support from young employers, young people and caregivers could continue to deviate further from pre-set and learned IT security rules, exposing their companies to further increased security risk,” Margaret Cunningham, principal researcher at Forcepoint, stated.