Lawmakers ask DOE for documents related to cyberattack on nuclear research laboratories by Russian hackers

Two U.S. committees have called upon the Department of Energy (DOE) for all documents and communications related to three DOE National Laboratories targeted by a Russian hacking team during the summer of 2022. The Committees also seek information related to these incidents to determine the impact of the attempted intrusions and evaluate what DOE is doing to ensure the continued security of sensitive scientific research and development at its National Laboratories.

The move by the Committees follows a report that a Russian hacking team, known as Cold River, targeted three nuclear research laboratories in the U.S., according to internet records reviewed by Reuters and five cyber security experts.

The report pointed out that between August and September last year, the Russian hacking team, known to support Russian government information operations, created false login pages for three DOE National Laboratories and sent emails to nuclear scientists to elicit their passwords. The targeted labs, Brookhaven National Laboratory (BNL), Argonne National Laboratory (ANL), and Lawrence Livermore National Laboratory (LLNL), work on scientific research critical to the national security and competitiveness of the U.S.

Reuters was, however, unable to determine why the labs were targeted or if any attempted intrusion was successful.

James Comer, a Republican from Kentucky and chairman of the House Committee on Oversight and Accountability, and Frank Lucas, a Republican from Oklahoma and chairman of the House Committee on Science, Space, and Technology, wrote in their Thursday letter to DOE Secretary Jennifer Granholm that “although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States.”

The Committee on Oversight and Accountability is the principal oversight committee of the U.S. House of Representatives and has broad authority to investigate ‘any matter’ at ‘any time.’ The letter further states that the hacking group responsible for the attempted intrusions of DOE National Laboratories, known as Cold River, has been implicated in prior hacking operations targeting key allies of the United States to benefit the Russian government.

To help the Committees grasp the magnitude of the attempted breaches, how DOE reacted, and what steps it is taking to continuously ensure the security of its National Laboratories, the Committees’ letter requested “the following documents and information, covering the time period July 1, 2022, to the present, as soon as possible but no later than February 16, 2023.”

The Comer-Lucas letter sought all documents and communications between DOE, BNL, ANL, LLNL, and any other impacted National Laboratory regarding the hacking attempt by Cold River described above. They also called for “all documents and communications between DOE, BNL, ANL, LLNL, and any other impacted National Laboratory and any other department or federal agency regarding the hacking attempt by Cold River described above.” 

Additionally, the letter requested “all documents and communications between DOE, BNL, ANL, LLNL, and any other impacted National Laboratory and any contractor or subcontractor supporting the DOE regarding the hacking attempt by Cold River described above.”

Google’s Threat Analysis Group (TAG) describes COLDRIVER as a Russia-based threat actor, sometimes referred to as Callisto, which uses Gmail accounts to send credential phishing emails to a variety of Google and non-Google accounts. The targets include government and defense officials, politicians, NGOs and think tanks, and journalists. The group’s tactics, techniques and procedures (TTPs) for these campaigns have shifted slightly from including phishing links directly in the email to also linking to PDFs and/or DOCs hosted on Google Drive and Microsoft OneDrive. Within these files is a link to an attacker-controlled phishing domain.
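As an added illustration (not code from the article, Google TAG or Reuters), the two-stage chain just described can be screened for with a simple heuristic: flag a message that links to a file on Google Drive or OneDrive when the hosted file in turn links to a login-style page on a domain that is not the lab's own. The hosting hostnames, the lab-domain allowlist and the sample links are assumptions constructed for this example.

```python
"""Heuristic screen for the two-stage credential-phishing chain: an email
linking to a file on a legitimate hosting service, where the hosted document
itself links to a lookalike login page on an attacker-controlled domain.
All hostnames, allowlists and sample links below are constructed."""
from urllib.parse import urlparse

# Assumed hostnames for the hosting services TAG names (Google Drive, OneDrive).
FILE_HOSTS = {"drive.google.com", "onedrive.live.com", "1drv.ms"}
# Constructed allowlist of legitimate lab domains an organisation would maintain.
LAB_DOMAINS = {"bnl.gov", "anl.gov", "llnl.gov"}
LOGIN_WORDS = ("login", "signin", "sso", "auth", "account")


def registrable(host: str) -> str:
    """Crude eTLD+1: the last two labels (enough for the .gov/.net samples)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_lookalike_login(url: str) -> bool:
    """True if the URL mimics a lab login page but is not on a lab domain."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if not host or registrable(host) in LAB_DOMAINS:
        return False  # genuine lab host (or no host at all): not a lookalike
    mentions_lab = any(d.split(".")[0] in host for d in LAB_DOMAINS)
    looks_like_login = any(w in (host + p.path).lower() for w in LOGIN_WORDS)
    return mentions_lab and looks_like_login


def assess(email_links, doc_links):
    """Return (verdict, reasons) for one message plus the links in its hosted file."""
    reasons = []
    hosted = [u for u in email_links if (urlparse(u).hostname or "").lower() in FILE_HOSTS]
    if hosted:
        reasons.append(f"email links to hosted file(s): {hosted}")
    lookalikes = [u for u in doc_links if is_lookalike_login(u)]
    if lookalikes:
        reasons.append(f"hosted document links to lookalike login page(s): {lookalikes}")
    if hosted and lookalikes:
        return "likely credential phishing", reasons
    if lookalikes:
        return "suspicious", reasons
    return "benign", reasons


# Constructed samples: a full two-stage chain and a benign message.
PHISH = (["https://drive.google.com/file/d/EXAMPLE/view"],
         ["https://anl-gov-login.example.net/sso"])
BENIGN = (["https://www.anl.gov/newsroom"], ["https://login.llnl.gov/"])
```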

Last March, the U.S. administration warned about potential cyberattacks, specifically stating that “[t]here is now evolving intelligence that Russia may be exploring options for potential cyberattacks” as a response to U.S. sanctions. 

Faced with a continuous onslaught of cyberattacks, the energy sector will need to establish practices and institutions that drive down the cost of deploying strong cybersecurity across the energy value chain. Startups, subcontractors, and small utilities will become a consistently weak link in the energy ecosystem if affordable, effective cybersecurity remains unavailable.

Regulators in the energy sector should ensure they enable—or at a minimum, don’t stifle—technology innovations that enhance cybersecurity, Leo Simonovich and Reed Blakemore wrote in an Atlantic Council blog post. “Cyber innovation will need to keep pace with both the new technologies of the energy transformation and the known risks to those technologies, even if slow-moving regulatory processes have not yet accounted for new business models, technologies, or threats.”

“Similarly, regulators should consider how to encourage rapid information sharing about threat intelligence,” Simonovich and Blakemore added. “Although threat intelligence can help quickly harden targets against novel attacks, operators may be reluctant to share information if they believe it will later lead to legal and financial liabilities. Tabletop exercises that convene public and private organizations can improve incident response, building relationships and providing actionable insights before a crisis occurs.”
