Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years
Unnamed actors try to swipe privileged credentials.
The Nuclear Regulatory Commission has been compromised three times in the past three years via email-based attacks, according to internal NRC documents obtained by Nextgov.
The NRC houses data about the locations, conditions, and inventories of nuclear plants across the globe.
Two of the breaches were tracked back to sources outside the US, who used spearphishing messages to coax NRC employees to part with their login credentials or to download malware stored on a Microsoft SkyDrive site. The countries from which the attacks originated were not named in the report.
In a third breach, an attacker took hold of an NRC employee's email account and used it to email malicious PDFs to 16 other employees. Investigators subpoenaed the ISP for records that might help them track the attacker, but the log files for the date in question had been destroyed.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024