Nuclear sector threatened by data leaks on the dark web


The dark web is full of data leaks containing sensitive data from critical infrastructure companies, including nuclear facilities. A cyber analyst claims this is a ripple effect of Russia's invasion of Ukraine.


Cyble, a firm monitoring the dark web, said threat actors and hacktivist groups had leveraged the war in Ukraine to widen their attack services. Quite often, they target critical infrastructure and leak sensitive documents, including personally identifiable information (PII).

Cyble said there'd been a rise in cybercrime activities targeting the nuclear industry worldwide.

Starting this February, at least eight leaks were observed on cybercrime forums and the dark web, targeting nuclear facilities in Russia, Brazil, Iran, Taiwan, Indonesia, Thailand, India, and South Africa.

Timeline of nuclear leaks


"Even though nuclear facilities are intended to be air-gapped, misconfigured networks, exposed assets, and vulnerable IT/OT devices with network and social engineering attacks can be considered critical elements when launching cyber-attacks," Cyble said.

In February, Anonymous hackers behind the #opRussia campaign targeted the Joint Institute for Nuclear Research and leaked various internal documents in an attempt to deter the Kremlin from the war in Ukraine.

OpRussia

In August, Pelosi's Taipei visit incited cyberattacks on Taiwan. Hacktivists claimed to have leaked TaiPower's source code on the dark web.

In August, hackers also hit Brazil's Electric Utility Company in Nuclear Energy, stealing supply-chain-related documents, PII, and financial documents, among other data.

On October 21, a group calling itself Black Reward hacked Iran's atomic energy agency and gave the Iranian government 24 hours to release political prisoners arrested during the protests. When the authorities failed to follow through with their demands, Black Reward released a trove of hacked data, including files of contracts, construction plans, and details about equipment at Iran's Russian-backed nuclear power plant in Bushehr.

OpIran

A large amount of confidential data and PII of critical sector organizations has been leaked on cybercrime forums. As a result, Cyble researchers believe launching a successful cyberattack on these facilities might become more prevalent.

"The recent fold of events on cybercrime forums indicates that the attackers can leverage this leaked information for further targeted attacks. The leaked information regarding types of devices, serial numbers, vendors, version details, firmware details, configuration details, network diagrams, tender documents, and employee details is a goldmine for attackers. These are key to developing specialized malware strains, reversing firmware to exploit zero-day vulnerabilities, and performing lateral movement within organizations dealing with nuclear infrastructure," it said in a blog post.