Tag Archive for: facility

Operator of Sellafield nuclear facility denies hacking claims


Sellafield Ltd, the Nuclear Decomissioning Authority (NDA)-backed organisation responsible for winding up the controversial Sellafield facility in Cumbria – the scene of the UK’s worst ever nuclear accident in 1957 – has denied allegations that its IT networks have been comprehensively compromised by both Chinese and Russian threat actors, deploying so-called sleeper malware that lay undetected on its systems for years to conduct espionage.

Earlier this week, the Guardian newspaper published the results of a lengthy investigation in which it accused the organisation’s senior management of having “consistently covered up” the scale of the intrusions, which it is claimed date back to 2015.

The report alleged that the extent of the supposed breach only came to light when workers at other sites found they were able to access Sellafield’s systems remotely and escalated to the Office for Nuclear Regulation (ONR). It said an insider had described Sellafield’s server network as “fundamentally insecure”, and highlighted other concerns including outside contractors using USB memory sticks at the site and an incident in which user credentials were inadvertently filmed and broadcast by a BBC camera crew.

A spokesperson for Sellafield Ltd said: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian. Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection…Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these,” they added.

However, this is not the first time that evidence of cyber intrusions affecting Sellafield have come to light. In 2021, for example, the Information Commissioner’s Office (ICO) ruled against the organisation over data breach offences, although these related to an employment tribunal and not critical information on the facility, while Private Eye has…

Source…

In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach 


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

SentinelOne ends Wiz collaboration following acquisition rumors

SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.

Hackers may be breaking into LastPass vaults compromised in data breach 

Advertisement. Scroll to continue reading.

Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.

Semiconductor company NXP discloses data breach

Dutch semiconductor designer and manufacturer NPX has disclosed a data breach affecting the email addresses of users who had registered an account on npx.com, but had not used it for at least 18 months. No other information was exposed, NPX said. 

Data breach at golf equipment maker Callaway impacts one million people

Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer. 

New report details how China is weaponizing…

Source…

Former Contractor Employee Charged for Hacking California Water Treatment Facility


A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.

The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. 

Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents. 

He worked at the company between 2016 and the end of 2020, and during this time he allegedly installed software that allowed him to access the facility’s systems from his personal computer. 

After he resigned in January 2021, he used that remote access software to enter the water facility’s systems and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels,” according to a press release from authorities in the Northern District of California. 

Gallo faces up to 10 years in prison and a $250,000 fine. 

It’s not uncommon for water facilities to be targeted, including by former employees. One of the most well-known incidents involves the water plant in Oldsmar, Florida. While initially it was believed that malicious hackers had tried to poison the water supply, recent reports said the incident did not involve any hacking and it may have actually been the result of human error. 

Advertisement. Scroll to continue reading.

Related: US Says National Water Supply ‘Absolutely’ Vulnerable to Hackers

Related: Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

Related: Former Cisco Employee Sentenced to Prison for Webex Hack

Related: Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

Source…

Kratos, Oklahoma Elected Officials Celebrate Completion of 100th MQM-178 Firejet High-Performance Jet Drone System at Oklahoma City Aircraft Manufacturing Facility


SAN DIEGO, April 12, 2023 (GLOBE NEWSWIRE) — Kratos Defense & Security Solutions, Inc. (NASDAQ: KTOS), a Technology Company in the Defense, National Security and Global Markets and an industry-leading provider of high-performance, jet-powered unmanned aerial systems, joined by Oklahoma Secretary of Military and Veterans Affairs John Nash, Senator Markwayne Mullin (R-OK), Representative Tom Cole (R-OK-4), and Representative Stephanie Bice (R-OK-5), today celebrated the 100th MQM-178 Firejet high-performance jet powered target drone aircraft produced at the Kratos Unmanned aircraft manufacturing facility in Oklahoma City.

Kratos MQM-178 Firejet on Launcher is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/2e145536-3598-438a-95f7-ce0daec7d453

With primary customers including the United States Air Force, Navy, and Army, as well as foreign ally militaries, the Kratos Unmanned Systems Division opened this manufacturing facility in November 2018 to accommodate the existing and increasing demand for its newest line of high performance, jet-powered unmanned aerial tactical drone and target drone systems.

Today, the Kratos Unmanned Oklahoma City aircraft manufacturing facility is fully operational with two major drone aircraft systems in rate production, plus prototype production of a third system. The Kratos Unmanned Oklahoma City aircraft manufacturing facility is home to the MQM-178 Firejet, which first rolled off the production line in Oklahoma in April 2019 and is produced in high quantities monthly/annually today, in both a target and tactical system configuration. The XQ-58A Valkyrie, a high-performance tactical UAV capable of long-range flights at high-subsonic speeds, currently under contract with multiple Department of Defense customers, is also produced at the Kratos Oklahoma manufacturing facility. Kratos is also in prototype production of an additional, high performance tactical drone system at the Oklahoma facility.

Kratos XQ-58A Valkyrie Ready for Flight is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/86419ba2-a560-4328-8b8b-b2087abe3c18

Including production at the Oklahoma City facility, Kratos today manufactures approximately 150…

Source…