US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants

The Registrer (UK) ^ | Wed 22 Nov 2023 | Brandon Vigliarolo

[Salman]

The self-described "gay furry hackers" of SiegedSec are back: this time boasting they've broken into America's biggest nuclear power lab's computer systems and stolen records on thousands of employees. Some of that data has already been leaked, it appears.

SiegedSec, which also claimed to have breached NATO's IT security on two occasions this year, said it has now hit Idaho National laboratory (INL), which is run by the US Department of Energy's Office of Nuclear Energy. Employee Social Security numbers, physical addresses, and bank account data are among the information said to have been pinched.

The lab has at least acknowledged its HR systems suffered a cyberattack.

"On Monday, November 20, Idaho National Laboratory determined that it was the target of a cybersecurity data breach in a federally approved vendor system outside the lab that supports INL cloud Human Resources services," spokesperson Lori McNamara told The Register today.

...

[Fedora]

Related:
* * *
https://www.darkreading.com/dr-global/pro-iranian-hacktivists-sights-israeli-industrial-control-systems

Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
The hacktivists known as SiegedSec identify ICS targets, but there’s no evidence of attacks yet.

Dan Raywood
Senior Editor, Dark Reading
October 18, 2023

The hacktivist group SiegedSec has claimed responsibility for a series of attacks against Israeli infrastructure and industrial control systems (ICS), but there is no indication that the listed IP addresses have experienced any attacks.

The hacking group put together a list of what it claims are its Israeli ICS targets, which was recently uncovered by SecurityScorecard’s Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team. An image of the list — found via analysis of various dark Web groups — shows a series of IP addresses with the claim “we have unleashed mass attacks on Israeli infrastructure.”. . .

Who Are SiegedSec?
The SiegedSec group appeared shortly after the Russian invasion of Ukraine in 2022, and has conducted a series of attacks around that conflict, including an alleged data theft on the NATO Communities of Interest Cooperation Portal in July, followed by a second attack on multiple NATO portals earlier this month.

The group was also reportedly behind the attack on Atlassian in February, where a third-party app was breached, compromising employee data and floor plans of Atlassian offices located in San Francisco and Sydney, Australia.

To avoid compromise from this or any other attacker, SecurityScorecard recommended that organizations review the business necessity of exposing ICS devices to the wider Internet and place them behind a VPN or firewall when possible. Also, organizations should consider restricting access to ICS devices by adding dependent IPs to an allow list.

The firm also recommended blocking the listed IPs in SecurityScorecard’s KillNet Bot Blocklist, putting in DDoS mitigations, and configuring DNS resolvers and proxy servers to only accept requests from internal IP addresses and authorized users.

A Week of Attack Claims
At the start of last week, the US National Security Agency’s director of cybersecurity Rob Joyce said US intelligence had not observed evidence indicating there had been any significant cyberattacks so far in the Israeli-Hamas conflict.

Yet a number of claims of attacks were made at the start of last week, with Anonymous Sudan naming the Israeli government in online discussions as a main target, and the AnonGhost hacktivist group said it had managed to breach the “RedAlert” airstrike warning app to send messages.

Also, information operations entered the discussion last week when pro-Iranian and pro-Chinese groups were detected as being involved in anti-Israel propaganda campaigns. . .