Sellafield nuclear site “attacked by cyber groups” linked to Russia and China

Claims of a data breach have been denied by Sellafield nuclear waste and decommissioning facility

Michael Hill
12/05/2023


A hazardous nuclear facility in the UK has reportedly been attacked by cyber threat actors linked to Russia and China. According to The Guardian, the compromise of IT systems at the Sellafield nuclear waste and decommissioning site could date back to 2015, with senior staff accused of covering up the breach. Sleeper malware – which loiters in infected systems to steal data or launch attacks – is believed to have been embedded in Sellafield’s computer networks.

Sources claim it is likely foreign hackers have accessed the highest echelons of confidential material at the site, while the extent of any data loss or ongoing risks to systems is unknown at the time of writing, reported The Guardian. The revelations are part of a year-long investigation by the newspaper into cyber hacking, radioactive contamination and toxic workplace culture at Sellafield.

Sellafield denies claims of successful cyber attack

In a statement published on the UK government website, Sellafield has denied the claims, stating that it has “no records or evidence” to suggest its networks have been successfully attacked in the way described. “Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system,” the statement read.

This was confirmed to the newspaper well in advance of publication, along with rebuttals to several other inaccuracies in their reporting, it added. “We have asked The Guardian to provide evidence related to this alleged attack so we can investigate. They have failed to provide this.”

Cyber security is taken extremely seriously at Sellafield with all systems and servers having multiple layers of protection, the statement continued. “Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”

Cyber attacks and cyber espionage by nation states and hacktivists pose a significant threat to global civil nuclear infrastructure. Last month, a data breach at the Idaho National Laboratory (INL), part of the U.S. Department of Energy and one of the country’s foremost advanced nuclear energy testing labs, exposed the sensitive information of employees. A hacktivist group claimed responsibility for the incident on social media after claiming to have obtained “hundreds of thousands” of data points from the INL. This reportedly includes dates of birth, email addresses, phone numbers, Social Security numbers, physical addresses and employment information.

Reported breach represents a concerning cyber security oversight

The Sellafield revelations, if true, represent a concerning cyber security oversight that persisted over an extended period, commented Fergal Lyons, cyber security evangelist at security firm Centripetal. “It’s alarming how this negligence went unnoticed and underreported by regulators. This situation underscores the daunting task of safeguarding any high value facility under constant siege by assailants globally.”

Addressing these threats requires a deep dive into identifying and understanding these assailants – where they originate and who they are, Lyons added. “It is important to note that in over 95 percent of cyber attacks globally, there existed some form of threat intelligence that, if leveraged effectively, could have mitigated the attack's devastating impact.” Conventional cyber security defenses are failing on multiple fronts, as is evident in the surge of ransomware attacks and data breaches, signaling the need for an industry-wide re-evaluation of our existing defensive strategies, he said.

Internationally renowned computer security expert, Professor Alan Woodward, said on X (formerly Twitter): “If someone really did breach Sellafield networks then I hope to goodness they don’t try anything really stupid. We would all regret that.”
