Hacker Groups Uncovered in UK Nuclear Site in Another Case of Sleeper Malware

Dec 11, 2023

Hacker groups seem to keep popping up in national infrastructure and sensitive areas, and reporting from The Guardian indicates that Europe’s nuclear waste handling has been a point of interest. The beleaguered Sellafield nuclear site is the subject of new reporting indicating long-term cybersecurity deficiencies that Russian and Chinese hackers have apparently exploited, stealing classified files and strewing malware throughout networks that might be activated in the midst of a crisis situation.

This appears to be a long-term issue, with some indication the malware was first discovered in 2015. The Guardian reporting indicates the situation is highly chaotic with senior officials unsure if the malware is still present and possibly failing to report incidents to the UK’s Office for Nuclear Regulation (ONR). The reporting indicates that ONR is preparing to charge some staff members, but a statement in response to the Guardian story indicates that this is not true and that the agency has seen no evidence of hacker groups in the nuclear site’s systems.

APT hacker groups show interest in nuclear waste

The Guardian has been covering assorted safety and employee issues with Sellafield for nearly a year, in an ongoing series called “Nuclear Leaks.” The information about hacking groups is a new development, however, provided by anonymous government sources. The nuclear site has been controversial since shortly after it was built in the middle of the previous century, largely for concerns about crumbling physical components and the possibility of leaks that could get bad enough to impact groundwater.

Nation state hacker groups appear to be highly interested in “seeding” sensitive government systems such as these with stealth malware meant to be activated at some future date, presumably in the midst of a full-tilt military conflict or during some sort of major natural disaster.

While waste disposal might not initially seem like a target of interest, the nuclear site’s systems contain, among other things, emergency plans for dealing with the fallout of a foreign nuclear attack. They could also provide sensitive information on how to best weaponize nuclear waste that is already at risk of leaking into areas where it can do public harm.

Nuclear site has been a controversy magnet for half a century

Sleeper malware tied to the hacker groups was first found in 2015, according to internal documents seen by the Guardian, but might have been present before that. Senior staff have been accused of covering up discoveries of breaches of this nature and failing to notify regulators of breach incidents.

In addition to emergency plans and details about leaks and fires, the hacking groups might have accessed information about waste that the nuclear site has taken in from other countries. The hackers could also have accessed records of movements of radioactive waste. The internal communications reported by the Guardian have Sellafield referring to the cybersecurity issues as “Voldemort” and a “fundamental” danger to the facility. Among other issues, the reports indicate that external contractors have at times plugged memory sticks into internal systems with no supervision.

Though ONR and the government have denied the presence of hacking groups in the nuclear site’s network, Sellafield has only said that it continues to work closely with regulators on cybersecurity issues.
