Someone's phishing US nuke power stations. So far, no kaboom

Don't panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators.

It seems so far that whoever is behind the campaign has tried phishing and watering-hole attacks, but haven't got beyond corporate networks (which in critical infrastructure should be on separate networks from the operational systems).

The New York Times got wind of the intrusion attempts, getting a look at a joint Department of Homeland Security/FBI report.

The money quote from the story appears to be this:

There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached.

Spokespeople for one of the targets, the Wolf Creek Nuclear Operating Corporation (in charge of a facility near Burlington in Kansas) said it maintained separate networks for corporate and operations systems, so there was no risk to its power stations.

The incoming messages, the NYT says, used fake CVs to try and trick targets into opening infected messages. There's also an indication that whoever's behind the campaign tried watering hole hole attacks as well.

Bloomberg added the almost inevitable detail that unnamed officials believe Russia is behind the campaign.

That report says a DHS alert circulated among power stations named Wolf Creek in error, but added that the attackers had apparently gained at least one set of user credentials.

One expert told Bloomberg: “Even if there is no indication that the hackers gained access to those control systems, the design of the malware suggests they may have at least been looking for ways to do so”.

Bloomberg also says an unnamed control system manufacturer was “recently” infiltrated in what may have been a related attack.

Not everybody is panicking:

Alternative Title: Spearphishing Emails Target Plant Operators no ICS Impact or Attacks Occured https://t.co/kuT4ND3q3K

— Robert M. Lee (@RobertMLee) July 7, 2017

Lee also pointed out that it's a long way from phishing to “the next Stuxnet” (which was delivered via the sneakernet of infected USB devices). ®