Dive Brief:
- The U.S. Department of Justice on Thursday issued an indictment of seven Russian military officers on hacking-related charges, including wire fraud, aggravated identity theft and money laundering.
- While most of the hacking focused on the Olympics and attempting to discredit international anti-doping organizations, the group also allegedly tried to steal the login credentials of Westinghouse Electric employees who were involved in advanced nuclear reactor development and new reactor technology.
- The indictment indicates a number of Westinghouse employees did click on links in spear-phishing emails, but the company said it does not believe hackers' attempts were successful. Westinghouse said it is cooperating with the Justice Department in an "ongoing investigation."
Dive Insight:
The federal indictment this week is a reminder that power sector companies face constant cyber threats and that their biggest vulnerabilities can often be their own employees.
The indictment issued this week by a grand jury in the Western District of Pennsylvania describes intricate steps hackers took in their attempts to infiltrate Westinghouse Electric systems, going so far as to register domain names and develop spoof websites to capture employee credentials.
For instance, the hackers registered "westinqhousenuclear.com," substituting a "q" for a "g."
"Spear-phishing messages were composed to resemble emails from trustworthy senders, such as email providers or colleagues, and requested the recipients to click on hyperlinks in the messages," the indictment said. "Such hyperlinks would direct recipients to spoofed websites which prompted the recipients to enter their login and password and enabled the capture of their credentials."
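The q-for-g substitution above is a classic lookalike (typosquat) domain. As an added example that is not from the article, the indictment or Westinghouse, the following mail-gateway-style check flags link or sender domains that resemble a trusted domain by confusable characters, small edit distance, or use of the trusted name as a subdomain; it assumes the legitimate domain is westinghousenuclear.com (the article quotes only the lookalike) and uses constructed sample URLs.

```python
"""Lookalike-domain check for links in suspected spear-phishing mail (added example)."""
from typing import Optional
from urllib.parse import urlparse

# Assumed legitimate domain; the article quotes only the lookalike "westinqhousenuclear.com".
TRUSTED = ["westinghousenuclear.com"]

# Character sequences that read alike in many fonts; collapsed before comparison.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("q", "g"), ("0", "o"), ("1", "l"), ("5", "s")]


def normalize(label: str) -> str:
    label = label.lower()
    for lookalike, real in CONFUSABLES:
        label = label.replace(lookalike, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host; adequate for .com, no public-suffix list used."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host: str) -> Optional[str]:
    """Return a reason string if host looks like a trusted domain, else None."""
    dom = registrable(host)
    for good in TRUSTED:
        if dom == good:
            return None  # exact registrable match: the real domain (any subdomain)
        if normalize(dom) == normalize(good):
            return f"confusable characters for {good}"
        if edit_distance(dom, good) <= 2:
            return f"within edit distance 2 of {good}"
        if good in host.lower():
            return f"trusted name {good} used as a subdomain of {dom}"
    return None


def scan_links(urls):
    """Map each URL (constructed samples in the test) to its verdict; None = no match."""
    return {u: classify(urlparse(u).hostname or "") for u in urls}
```

In practice the trusted list would hold every brand and partner domain the organisation expects mail from, and a hit would route the message to quarantine or a review queue rather than block it outright.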
The hackers also sent spear-phishing emails to the personal email accounts of four Westinghouse Electric employees, and two of them clicked on the "malicious link which would have enabled the theft of the login credentials to their personal email accounts," according to the indictment.
Those employees were involved in advanced nuclear reactor development and new reactor technology, but the company said its system was not ultimately infiltrated.
"We have found no evidence that the phishing campaigns against employees to breach Westinghouse’s systems were successful," Sarah Cassella, a spokesperson for Westinghouse, told Utility Dive via email.
Westinghouse designs nuclear reactors for use in civilian power plants, and problems with its latest reactor design prompted the cancellation of the V.C. Summer project in South Carolina and large cost overruns and delays for the Vogtle plant under construction in Georgia.
Westinghouse declared bankruptcy in March due to struggles at the two plants.
The company said security is a top priority and it maintains "robust processes and procedures to protect against cybersecurity threats."
Those threats are becoming both more persistent and sophisticated, as shown in the indictment and recent warnings from the federal government.
In March, the Federal Bureau of Investigation and the Department of Homeland Security issued an alert warning that Russian hackers are involved in a methodical, long-term campaign to infiltrate critical infrastructure in the United States, including the energy and nuclear sectors. But it is unclear just how much success the hackers have had, and cybersecurity experts must walk a fine line between overstating the immediate threat and warning of real consequences.
Over the summer, the Department of Homeland Security made headlines by claiming that hackers had infiltrated multiple utility control rooms, gaining the ability to "throw switches" on the grid and cause blackouts. The agency subsequently walked back that assertion, but said attempts to infiltrate are almost constant.
There have been successful intrusions abroad, and there is a growing trend of hacking attempts focused on industrial control systems.
In 2015 a cyberattack in Ukraine knocked out power to almost a quarter million people, raising the profile of the threat faced by electric utilities. Since then, hackers also penetrated the safety systems of a petrochemical plant in Saudi Arabia, in part by taking advantage of an older device.