Cyble researchers witnessed a rise in cybercrime against the nuclear industry worldwide. Various attacks against nuclear facilities over the years have demonstrated that attackers are growing more sophisticated with every passing day.

Top incidents in 2022

  • Since February this year, nuclear facilities in Russia, Taiwan, Brazil, Indonesia, Iran, Thailand, India, and South Africa have been targeted. 
  • In June, a threat actor claimed to have hacked into the Taiwan Power Company (Taipower) Nuclear Power Plant Evacuation Information Platform and posted screenshots of the source code.
  • In September, the Black Reward hacking group claimed credit for an attack on a subsidiary of Iran Atomic Energy. It reportedly gained access to email systems, confidential agreements, private conversations, sensitive plans, and PII.

Why this matters

  • Although nuclear entities are supposed to be air-gapped, vulnerable IT/OT devices, misconfigured networks, and exposed assets play a critical role in a cyberattack.
  • Moreover, a high volume of PII and confidential information about critical sector employees and organizations working in such facilities has already been leaked on the dark web. As a result, cyberattacks against nuclear facilities may become widespread.
  • Threat actors can abuse this leaked information—types of devices, vendor details, version details, firmware and configuration details, and others—for further targeted attacks. 
  • These details can be used to build custom malware strains, perform lateral movement, and reverse-engineer firmware to abuse zero-days.

The bottom line

Cyble recommends implementing network segmentation, keeping critical assets behind layered firewalls, keeping applications patched, and implementing MFA, among other measures. Protecting nuclear infrastructure from cyberattacks has become a greater concern than ever before due to the rise in the volume and intensity of attacks. Hence, it is crucial that the nuclear industry adopt a proactive approach to cybersecurity to detect the cyber threats looming over the industry.
Cyware Publisher