Oak Ridge National Lab shuts down Internet, email after cyberattack

DOE laboratory says it was victim of an Advanced Persistent Threat designed to steal technical data

By , Computerworld |  Security, Advanced Persistent Threat

The Oak Ridge National Laboratory, home to one of the world's most powerful supercomputers , has been forced to shut down its email systems and all Internet access for employees since late last Friday, following a sophisticated cyberattack.

The restrictions on Internet access will remain in place until those investigating the attack know that for sure that it has been completely contained, said Barbara Penland, ORNL's director of communications.

The lab is expected to restore external email service sometime on Wednesday, however no attachments will be allowed for the time being.

Penland said several other national laboratories and government organizations were targeted in the same attacks, which appear to have been launched earlier this month.

The measures at Oak Ridge were implemented late on Friday night after initial investigations showed that those behind the attacks were attempting to steal technical data from lab's systems and send it to an external system, Penland said.

So far, though, it appears that no significant amount of data has been stolen. Penland said investigators believe that whoever was behind the attacks managed to steal less than 1GB of data.

Penland said that ther e is nothing to show yet where the attacks originated from or who might have been behind it.

The attacks were launched through phishing emails that were sent to some 573 lab employees. The emails were disguised to appear like it came from the lab's HR department and purported to inform employees of some benefits related changes.

The emails contained a link that employees were asked to click on for further information.

Some employees appear to have clicked on the link resulting in an information-stealing malware program being downloaded on their systems.

Penland did not offer any more details on the malware itself. But a story in Knoxnews.com quoted ORNL director Thom Mason as saying the malware program exploited a zero-day vulnerability in Internet Explorer.

The story quoted Mason as describing the attack as a sophisticated Advanced Persistent Threat (APT), designed to gain a foothold on the lab's networks and then to quietly looking for and steal specific types of information.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question