Idaho National Laboratory - November 2023
SiegedSec stole info on employees, users, and citizens
Idaho National Laboratory (INL) was breached by SiegedSec on November 19, 2023.
What organization was breached and what group of attackers breached it?
INL is one of the US Department of Energy national laboratories. Established in 1949, it is known for its nuclear research and houses the largest concentration of reactors globally. It employs just under 6,000 people and is located in Idaho Falls, Idaho, USA.
SiegedSec is a hacktivist group that emerged in early 2022. The group mainly attempts to steal sensitive information from government organizations and publish it, often on Telegram. The group stole and leaked documents from NATO in October 2023, one of the highest-profile attacks it has perpetrated so far.
Hacktivist groups (hacker + activist) leverage cyberattacks to promote a political agenda or social change, such as ensuring freedom of information or human rights.
What did the attackers do?
SiegedSec accessed INL tools and stole data, including information from "hundreds of thousands" of employees, system users, and citizens. It stole and released names, dates of birth, email addresses, phone numbers, social security numbers, physical addresses, and employment information.
In this instance, the attackers targeted a federally approved vendor system INL was using for human resources.
The federal government sets standards (via the Federal Information Security Modernization Act), including security requirements, that any private-sector firm supporting, selling to, or receiving services from the US government must meet in order to do business with it. These standards are critical for establishing a baseline of required cybersecurity capabilities, which makes organizations a more difficult target for attackers. However, these requirements are the floor, not the ceiling, for cybersecurity capabilities. Meeting them does not guarantee a perfect defense against cyberattacks.
It’s likely that the attackers were only able to steal data pertaining to employees, users, and citizens (as opposed to sensitive documents regarding nuclear research) because they were accessing a human resources tool and because security controls prevented them from moving to other systems.
What does this mean for me?
The attackers didn’t get in by targeting the lab… they targeted software created in the private sector that the lab used, and HR software at that! For public or private sector organizations:
Invest in the security of the products you sell. The attackers succeeded by targeting a third-party product - human resources software - to gain access to a critical nuclear research laboratory in the United States. If you work at a company selling HR software, it may not feel as though attackers would target your organization. However, it’s important to think about the companies you serve and whether an attacker would want to access one of them.
Evaluate the security of the companies you partner with or leverage. The vendors you work with are a potential entry point for an attacker. Evaluate the security of the companies you leverage (through third-party risk evaluations, for example), as one of them could lead to your breach.
—
Notes
https://www.darkreading.com/ics-ot/idaho-national-nuclear-lab-targeted-in-major-data-breach