Nuclear Regulatory Commission Compromised by Spearphishing

Nextgov is reporting on an Inspector General’s report regarding the  Nuclear Regulatory Commission (NRC). Nextgov obtained the report under the Freedom of Information Act. The NRC has oversight over nuclear plants in the US, including the inventories of weapons-grade materials.



According to Nextgov, over the last three years the NRC was breached three times by deceptive emails.

In one incident, about 215 employees received emails which sought to harvest credentials. About a dozen people followed the malicious link to the credential harvesting site. Whether credentials were stolen or used is unknown, the NRC cleaned their systems in response to this attack. This attack was traced to a foreign country.

In a second spearphishing incident, the spearphishing email linked to malicious software. This attack was traced to a foreign country.

In the third incident, an employee’s personal email account was compromised.  From the compromised personal account, a malicious attachment was sent to 16 co-workers. This attack could not be traced because the personal email hosting service did not have the required logs.

Speculating on who orchestrated the attacks, Nextgov wrote:

“Clearly, the spearphishing is a technique that we’ve seen the Chinese and the Russians use before,” said Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations. “Using the general logic, a nation state is going to be more interested in the NRC than you would imagine common criminals would be.”

In a blog posting reflecting on these incidents, Sophos observed:

Most worrying of all though is that phishing – a technique that’s as old as the hills in computing terms – is still productive against organisations that should be prepared for it.

What is phishing?  Phishing is nothing more than deception perpetrated in email.  It is easy to deceive email recipients. Letting users decide which emails to trust is dangerous. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us using our online form.

2017-01-07T17:35:14+00:00August 19th, 2014|Cybersecurity - General, SP Guard, spear phishing|