Hackers Steal Research and User Data from Japanese Nuclear Research Lab

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
From November 2015 to June 2016, hackers targeted researchers at the University of Toyama’s Hydrogen Isotope Research Center, the University told Japanese media.

Officials said the attacker managed to steal files on multiple occasions, taking both research data and the personal details of nuclear scientists.

Malware infection occured after spear-phishing attack
According to University officials, the attackers sent spear-phishing emails to several researchers working at its nuclear research laboratory.

Investigators tracked down the first malicious email to November 24, 2015. A researcher's computer was compromised in late November with a malware strain that collected data from his workstation and sent it to an online server.

Officials say the malware first exfiltrated data from the University's network in December 2015. They say the attackers created over 1,000 archived files, which they then sent via an encrypted channel to their online server. Because the files and the transfers were encrypted, investigators don't know what the attackers stole during this initial attack.

Attackers stole data in December 2015, March 2016, and June 2016
The attackers then collected another series of files, which they also compressed in smaller archives and exfiltrated in March 2016.

For this transfer, investigators say they were able to determine that the attackers collected data related to research into how to remove contaminated water discharged from the Fukushima No. 1 nuclear power plant.
When the attackers stole a third batch of files, in June, an external entity noticed the suspicious data transfers and notified the research lab.

Attacker posed as a Tokyo university student
A subsequent investigation revealed that the attackers posed as a Tokyo university student that asked one of the Toyama researchers to answer some questions. The questions were delivered via a malware-laced document attached to the email.

Investigators believe the attacker managed to steal over 59,000 files in total. They also say the malware samples they analyzed was pre-programmed to search the victim's computer for the term IAEA, which is the UN's International Atomic Energy Agency.

Last week, Yukiya Amano, head of IAEA, revealed that an unknown entity has also targeted a German nuclear power plant with a disruptive cyber-attack in 2014.

Toyama University is world leader in tritium research
The University of Toyama’s Hydrogen Isotope Research Center is one of the world leaders in tritium research.

Tritium, also know as Hydrogen-3, is a radioactive isotope of hydrogen that is an important fuel for controlled nuclear fusion, but also a key component of hydrogen bombs.

Besides information on the lab's tritium research, investigators said the attacker also stole the personal details of 1,493 researchers with who Toyama researchers kept in contact.

:eek:o_O:oops:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top