Labor's toxic exposure site serves up spyware to Energy's nuclear workers
Energy // Government (U.S.) // Government Contractor // Healthcare and Public Health // United States
A type of cyber breach that hacks website visitors struck a Labor Department site visited by Energy Department employees who have worked with nuclear weapons. Labor officials confirmed one of their sites was compromised.
Researchers at security provider Invincea identified a "watering hole" assault on Labor's “Site Exposure Matrices” public website. The database lists nuclear-related illnesses linked to Energy facilities and toxicity levels at each location that might have sickened employees developing atomic weapons,. The website is intended to help Labor caseworkers and former Energy workers determine appropriate compensation.
"We can infer the target of the attack are [Energy Department] folks in a watering hole style attack compromising one federal department to attack another," Anup Ghosh, Invincea's founder and a former program manager at the Defense Advanced Research Projects Agency.
Hackers took advantage of an error in older versions of the Internet Explorer browser to implant malicious software that can infiltrate the computers of people visiting the site.
Labor spokesman Jesse Lawder said the agency immediately took the site offline and began investigating the incident with "appropriate internal and external authorities" to identify and minimize potential impacts.