A contractor at a U.S. national lab and a radioactive waste storage site managed by the Department of Energy were among the victims of wide-ranging cyberattacks that saw several federal agencies hacked, according to a person familiar with the matter.
A department spokesperson confirmed Thursday that records from two of the agency’s “entities were compromised,” though further details on the extent of the breach couldn’t immediately be determined. Multiple U.S. agencies were compromised by a hacking campaign in which attackers exploited flaws in a popular software tool to gather information from a range of victims.
“DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency,” an agency spokesperson said. “The department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach.”
A contractor for the department’s Office of Science and national laboratories, including Tennessee’s Oak Ridge National Laboratory that produces uranium for nuclear bombs and conducts nuclear energy research, was among the victims. The Oak Ridge Institute for Science and Education is overseen by the Oak Ridge National Laboratory Site Office, but spokesperson Pam Bonnee said the breached materials had nothing to do with the national lab.
The Energy Department’s Waste Isolation Pilot Plant in Carlsbad, New Mexico, which stores nuclear waste from the country’s weapons thousands of feet underground, was also affected by the attack. As of Thursday afternoon, the facility’s website was offline. A spokesperson at the facility declined to comment.
The U.S. Cybersecurity and Infrastructure Security Agency, a unit of the Department of Homeland Security, confirmed several agencies were affected. Russian-speaking hackers known as Clop have carried out a spate of recent attacks that exploited a vulnerability in MOVEit, a popular file-transfer product, according to the agency.
CISA Director Jen Easterly said the agency is providing support to several federal agencies affected by the MOVEit attack. Easterly said “as far as we know” the hackers are only stealing information stored on the MOVEit file transfer service, and that the intrusions are not being leveraged to gain further access to other parts of networks.
—With assistance from Jeff Stone.