Share this article on:
A US nuclear laboratory has been breached by a hacktivist group, which then posted the stolen data on its leak site.
The SiegedSec hacktivist group claimed responsibility for the attack on the Idaho National Laboratory (INL), a nuclear research centre run by the US Department of Energy.
The lab contains 50 experimental nuclear reactors, including older models such as the first ones to produce usable electricity.
SiegedSec said it had accessed “hundreds of thousands of user, employee and citizen data”.
The data includes:
And “lots lots more”, according to the hacktivist group.
As proof of its endeavours, the group shared screenshots of tools used to access INL’s systems on its leak site, along with the stolen data.
While none of the stolen data related to nuclear research, the incident has sparked concerns over the security of critical infrastructure operators, particularly those whose data is highly sensitive, such as nuclear energy researchers.
INL has not yet released a statement on the breach; however, a spokesperson revealed to East Idaho News that it was aware of the breach and that it has engaged measures to protect its data.
“Earlier this morning, Idaho National Laboratory determined that it was the target of a cyber security data breach, affecting the servers supporting its Oracle HCM system, which supports its human resources applications. INL has taken immediate action to protect employee data,” INL media spokesperson Lori McNamara told East Idaho News, as seen by Bleeping Computer.
“INL has been in touch with federal law enforcement agencies, including the FBI and the Department of Homeland Security’s Cyber Security and Infrastructure Security Agency to investigate the extent of data impacted in this incident.”
Unlike ransomware groups, which steal data and then extort their victims for money in exchange for the deletion or return of said data, hacktivist groups like SiegedSec publish stolen data openly, in this case, on its Telegram channel.
SiegedSec has a definitive persona, describing itself as “gay furry hackers”, according to SOCRadar. Members on the group’s second Telegram share memes and pictures of cats, not unlike what you’d find on other corners of the clear web, such as on a Discord server.
The group toys with its victims in that persona, playing heavily into the cat theme.
“meow meow meow meow meow meow meow…we’ve successfully gained access to Idaho National Laboratory (inl.gov)! mmmm yummy data,” it said.
While the group said it had reached out to INL, it only joked about making a deal with the research lab.
“woah so much crunchy data :3 we also sent out an announcement to all users of their OTBI platform showing our access,” the group said.
“We’re willing to make a deal with INL. If they research creating irl catgirls we will take down this post :D.”