A joint report issued by the FBI and Department of Homeland Security obtained by The New York Times reveals that since May, hackers have been targeting employees of nuclear power plants and other energy facilities, apparently attempting to map out their computer networks for future attacks.
The report, out on June 28, does not state if the hackers, whose identities and nationalities are unknown, are trying to steal company secrets or if they simply want to cause chaos, and does not say how many facilities have been breached. Two people familiar with the attacks told the Times industrial control engineers are primarily being targeted, because they have direct access to systems that, if harmed, could lead to explosions or hazardous material spills.
Hackers composed fake résumés for control engineering positions and sent them to senior industrial control engineers who have access to control systems, the report said. The résumés had malicious code in them, and when the engineers opened the documents, the hackers instantly had access to their credentials and were able to move on to other machines on the network, the Times reports.
One of the companies targeted, Wolf Creek Nuclear Operating Corporation, runs a nuclear power plant near Burlington, Kansas, and told the Times it could not comment on cyberattacks or security issues, but none of the plant's "operations systems" had been tampered with.