The U.S. National Nuclear Security Administration confirmed that hackers have accessed its networks and engaged in cyber-espionage. This has happened in the context of the “Sunburst” attacks that have affected a large number of federal agencies and several organizations in the country. Now that the indicators of compromise are known, and the main backdoor communications domain has been seized, IT teams can figure out if they have an infection or not, and researchers can pinpoint breached networks.
The hack on this critical part of the Energy Department (DoE) is a blow to American pride and also to the outgoing Cybersecurity and Infrastructure Security Agency (CISA). The National Nuclear Security Administration (NNSA) is the federal agency responsible for safeguarding national security through the military application of nuclear science. With an annual budget of $16.5 billion, it manages the nuclear weapons stockpile, develops nuclear propulsion systems for the Navy, and is responsible for enhancing the security and safety of all nuclear plants in the country.
The agency is now sending breach notifications to the affected entities and people, and it has informed CISA as required. The latter responded by saying that they’re already overwhelmed, as their resources are spread thin, allocated to investigating the various points of Sunburst infection that were discovered previously.
Representatives of the DoE stated that they don’t yet know whether the hackers managed to access anything. The malware infection was likely isolated to business networks only, not affecting the department’s mission-critical components.
However, this statement doesn’t have much value at this point, as the investigation is ongoing and could reveal a lot of trouble as it progresses. This is along the same lines as the recent joint statement from the FBI, CISA, and ODNI, which says that damage was done, but nobody can estimate the magnitude just yet.
Netenrich’s CSO Brandon Hoffman told us: