Hackers stole nuclear research data and personal information from a computer at the University of Toyama’s Hydrogen Isotope Research Center. According to university officials, the hackers posed as a Tokyo university student to deliver a malware-laden document to a teaching member at the center, which conducts research on hydrogen, deuterium, and tritium for nuclear reactions. That initial compromise occurred in November 2015.
For six months, the attackers maintained control over the researcher's computer and used their access to exfiltrate nuclear research data on three separate occasions. They did so by leveraging malware that was in part pre-programmed to search for "IAEA," which stands for the International Atomic Energy Agency. In the first attack, the hackers transferred approximately 1,000 files over an encrypted channel. University officials have yet to confirm the content of those files. In the second attack, which occurred in March 2016, the actors stole information relating to the removal of contaminated water from the Fukushima No. 1 nuclear power plant. An external entity notified Toyama about the final data exfiltration attack, which occurred in June 2016. According to an official of the Education, Culture, Sports, Science and Technology Ministry, not one of the three attacks compromised confidential information:
"As far as we currently know, no confidential information was contained in the files suspected to have been stolen. However, we have requested the university examine the impact in detail, including what kinds of information were included in the parts of the files that cannot be decoded."
Even so, it's now known the attackers stole the personal information of 1,493 persons who work at the center. The university began notifying persons affected by the hack in October. Itsuro Nishimoto, chief engineering officer of LAC Co., says this attack should create a sense of urgency for industrial organizations:
"Leaks of personal information from cyber-attacks are often viewed as problematic. But in reality, damage to research achievements and corporate secrets are much more serious. Partly because such damage does not surface in many cases, awareness of the issue throughout society is weak. But people should have a sense of urgency when intellectual properties that are also important for national security are targeted."
To protect against malware attacks and phishing scams, all organizations should conduct ongoing security awareness training for their staff. They should also make use of solutions like email filtering tools to block malicious incoming messages. News of this hack comes amid growing concerns for the security of industrial control systems. That's especially true after the chief of the IAEA confirmed that a targeted attack caused “some disruption” at a nuclear power plant in mid-October 2016.