Nuclear plant security breach result of employees mining cryptocurrency

Sometimes our greatest assets can be our greatest weaknesses. A key example of this are employees, especially when it comes to cybersecurity. Often, people don’t realize the cyber consequences of their actions and ignorantly open the door to unsavory characters. In fact, in November I blogged about a report Honeywell’s Cyber Security team released detailing the threats that USB flash drives that employees bring into facilities.

But this is just one of many ways your employees can be dangerous to your cybersecurity. ZDNet recently reported that the Ukrainian Secret Service (SBU) is investigating the breach of a nuclear power plant’s network.

According to the article titled “Employees connect nuclear plant to the Internet so they can mine cryptocurrency” by Catalin Cimpanu, employees connected parts of the South Ukraine Nuclear Power Plant’s internal network to the Internet for the purposes of mining cryptocurrency.

“Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant’s network and retrieve information from its systems, such as data about the plant’s physical defenses and protections,” Cimpanu reports. 

On July 10, SBU raided the plant and seized computers and equipment specifically built to mine cryptocurrency, which were found in administration offices and the building used as barracks by a military unit tasked with guarding the plant, the article explains.

“Several employees have been charged for their involvement in the scheme, but not yet arrested. It’s unclear if any military staff was charged,” Cimpanu reports.

This incident did not take place in a vacuum. Cimpanu notes that several similar incidents occurred in 2018 in Russia, Australia and Romania.