It is reported that the nuclear facility ``Sellafield'', which caused the worst marine pollution in history, was hacked by hackers associated with China and Russia



The Guardian, a major British daily newspaper, reported that

Sellafield , a nuclear power complex in northwestern England, had been hacked by a cybercriminal group linked to Russia and China. However, the British government has refuted this, saying, ``There is no evidence that Sellafield suffered any hacking damage as reported.''

Sellafield nuclear site hacked by groups linked to Russia and China | Energy industry | The Guardian
https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china



Sellafield started out as a military factory during World War II and began producing plutonium for military use in the 1940s during the Cold War. In 1957, the Windscale nuclear reactor fire, the worst nuclear accident in British history, occurred; in 1973, a large-scale leakage accident in which 31 workers were exposed; and in the 1980s, It is said to be one of the most dangerous places in the world, as the world's worst marine pollution was discovered due to the continuous discharge of waste liquid into the sea.

At the time of article creation, Sellafield is processing radioactive waste and decommissioning nuclear reactors over a long period of time until 2120, and has more than 11,000 people working for management and demolition work. Sellafield is said to have armed police security and emergency planning documents in case of a foreign attack, but The Guardian reports that Sellafield's research project ``Nuclear Leaks'' has revealed that Sellafield has close ties to Russia and China for cybercrime. It was reported that it was revealed that the group had been hacked.

According to The Guardian, authorities do not know exactly when Sellafield's IT systems were compromised, but sources have testified that the breach was first detected back in 2015. The malware found is said to be 'sleeper malware' that hides in systems and carries out spies and attacks, and is part of Sellafield's most sensitive activities, such as moving radioactive waste, monitoring radioactive leaks, and checking for fires. may have been at risk.



Sources say Sellafield failed to report to nuclear regulators for several years, making it difficult to quantify the full extent of the data loss and ongoing risk assessment of the system. The Guardian also reports that senior staff at Sellafield consistently covered up the breach and its potential impact.

According to the UK's

Office of Nuclear Regulation (ONR) and the intelligence agency, the Security Agency , Sellafield has taken ``special measures'' regarding cybersecurity issues in 2022. In addition, ONR is said to be preparing to prosecute Sellafield officials due to cybersecurity flaws.

Sellafield's insecure server problem was nicknamed 'Voldemort' after the villain in the Harry Potter series, according to a person familiar with the Nuclear Regulatory Authority investigation and security issues at Sellafield. Sellafield executives were aware of the ``serious security vulnerability'' at least as far back as 2012, but no effective improvements have been made more than 10 years later. .

The Nuclear Regulation Authority confirmed to The Guardian that Sellafield did not meet the required cybersecurity standards, but declined to comment on the breach or cover-up by executives. A spokesperson said, ``As some specific matters are under investigation, we are unable to comment further at this time.''

A Sellafield spokesperson also said: 'Sellafield takes cybersecurity very seriously and all of our systems and servers have multiple layers of protection. Our critical networks are isolated from the general IT network, so the attack on Sellafield will not penetrate them.'



The British government has responded to The Guardian's article by saying that there is no record or evidence that Sellafield was the victim of a cyber attack by a state actor. “Our monitoring systems are robust and we are confident that there is no such malware on our systems,” it claimed.

Britain says no evidence of Sellafield nuclear site hacking | Reuters
https://www.reuters.com/world/uk/britain-says-no-evidence-sellafield-nuclear-site-has-been-hacked-2023-12-04/

in Security, Posted by log1h_ik