Hackers have been targeting nuclear plants in the US and abroad

An image taken with a thermal camera shows the shutdown of a nuclear power plant in Germany. The picture does not show any temperature difference outside the power plant.

Firms operating nuclear power plants and other energy facilities in the US have been under attack by hackers in recent months, according to a report by The New York Times.

The Department of Homeland Security and the FBI issued an urgent joint report last week warning operators of the attacks.

The intrusions have been happening since May, hitting companies including Wolf Creek Nuclear Operating Corporation, which operates a nuclear power plant in Kansas, the New York Times reports. 

"What made these particular hacks disturbing was that they were really targeting nuclear facilities' quality control engineers, who are the people who have access to the operational systems at nuclear facilities," said New York Times reporter Nicole Perlroth. 

It's not clear who is behind the attack, but Perlroth says investigators are comparing the hackers' techniques to those of a Russian hacking group known to cybersecurity specialists as Energetic Bear.

"[We believe that] they are nation-state backed … because of the amount of resources it takes [to] target as many facilities are they have and in as many ways that they have," Perlroth said. "But beyond that, we don't know exactly who they are. They could be Russian contracted hackers, they could be what [Russian President] Vladimir Putin calls patriotic hackers and they could be sitting in a government society. We really just don't know."

Researchers say Energetic Bear has been tied to attacks against the energy sector since at least 2012.

The motive behind this year's attacks is unclear, but the joint report concluded that "the hackers appeared determined to map out computer networks for future attacks."

"What I found particularly disturbing about the joint DHS and FBI report is that … the so-called 'payload' that hackers used or deployed onto these peoples' computers has yet to be analyzed," Perlroth said. "Until that happens, we really won't know what, exactly, they were planning to do once they got into these systems."

In the past, cyberattackers have targeted similar facilities to steal blueprints and trade secrets, as well as to cause destruction of physical infrastructure. 

Such an attack was carried out by the US and Israel against Iran in 2008, the New York Times story says: "In 2008, an attack called Stuxnet that was designed by the United States and Israel to hit Iran’s main nuclear enrichment facility, demonstrated how computer attacks could disrupt and destroy physical infrastructure.

"The government hackers infiltrated the systems that controlled Iran’s nuclear centrifuges and spun them wildly out of control, or stopped them from spinning entirely, destroying a fifth of Iran’s centrifuges." 

The DHS and FBI joint report carried an urgent "amber warning," the second-highest rating for threat severity. It did not indicate how many facilities were targeted

"Based on our reporting we know that more than two dozen nuclear facilities were targeted," Perlroth said. "We don't know how many were successfully compromised. … But it was clear in that [hackers] wanted to target the people who do have access to the [operational] systems."

Invest in independent global news

The World is an independent newsroom. We’re not funded by billionaires; instead, we rely on readers and listeners like you. As a listener, you’re a crucial part of our team and our global community. Your support is vital to running our nonprofit newsroom, and we can’t do this work without you. Will you support The World with a gift today? Donations made between now and Dec. 31 will be matched 1:1. Thanks for investing in our work!