Energy Industry Website Hacks Resemble Compromises to a Labor Site for Nuclear Workers


Computer breaches that are infecting visitors on energy sector websites might be linked to a May compromise of a Labor Department webpage that attracts former Energy Department nuclear personnel, cyber researchers say.

Traces of the malicious operation that hit Labor's “Site Exposure Matrices” public website, which helps Labor caseworkers compensate former Energy Department workers suffering from nuclear-related illnesses, have been discovered on many industry sites.

“The Department of Labor compromise occurred before the compromise of the energy-related websites,” Emmanuel Tacheau, a Cisco threat researcher, said in an email on Friday. “We know that they share both timing and the target -- the energy sector. Both attacks also employed a near identical rendition of the Internet Explorer exploit described in CVE-2013-1347,” the name of a software flaw.

These "watering hole" attacks took advantage of weaknesses in Web software, in this instance Microsoft Internet Explorer, to implant malicious software that can then infiltrate the computers of site users.  

Tacheau said the Labor site intrusion is consistent with watering hole attacks “which attempt to deliver malware to the specific sector that would ordinarily visit those pages. In the case of the DoL compromise, the affected pages dealt with nuclear-related content. The malware connects to a remote command and control server and it is assumed the intent is to gather forensics and steal sensitive information.”

Researchers have not been able to determine a direct connection between the two campaigns, he said.

The assaults on the firms came to light later in May, Tacheau wrote in a blog post earlier this week. The victims include an industrial supplier to the energy, nuclear and aerospace sectors, and various investment and capital companies that specialize in energy.  Other targets were an oil and gas exploration firm with operations in Africa and Brazil, and a natural gas power station in the United Kingdom.  

Encounters with the malware on the corporate sites "resulted from either direct browsing to the compromised sites or via seemingly legitimate and innocuous searches. This is consistent with the premise of a watering-hole style attack that deliberately compromises websites likely to draw the intended targets," Tacheau wrote. 

Researchers at security providers Invincea and AlienVault Labs were the first to discover the Labor site intrusion this spring. The site's database lists diseases associated with Energy facilities and details toxicity levels at each location that might have sickened employees developing atomic weapons, according to the Institute of Medicine.

AlienVault specialists, at the time, suggested that techniques used to strike Labor’s site matched those "used by a known Chinese actor called DeepPanda."
