Multiple hackers have broken into the computers of the Nuclear Regulatory Commission (NRC), an agency that has records on the location and condition of all nuclear reactors—including weapons-grade reactors—in the United States, NextGov reports.
Foreign powers are suspected of hacking the commission twice over the past three years. “An unidentifiable individual” compromised NRC systems as well, according to an internal investigation obtained by NextGov.
The three attacks came through different vectors. First, a broad phishing campaign sent an email with a malicious link to over 200 NRC staffers. A dozen employees clicked the link that prompted employees to enter their workplace username and password.
Spearphishing, or the targeting of specific individuals with malicious links, was also successfully employed as a weapon when an employee opened an attachment laced with malware. Investigators declined to name the attacking countries.
Finally, one individual hacker took over the personal email account of an NRC staffer. This was used to send emails to another 16 staffers with malicious PDF attachments that infected one employee who opened the document.
The Inspector General Cyber Crime Unit was unable to identify the individual, NextGov reports, because the Internet Service Provider’s “logs had been destroyed,” commission spokesman David McIntyre told NextGov.
It’s not clear what information the attackers may have stolen or if the hackers, who were all ostensibly foreign, were tied to a particular nation-state or were cybercriminals acting independently and broadly that just happened to hit the NRC along with many other targets.