A joint report by the Department of Homeland Security and the Federal Bureau of Investigation says hackers have been launching cyber attacks against companies that run nuclear power stations, energy facilities and manufacturing plants in U.S. and other countries since May, The New York Times reported Thursday.
The report obtained by the Times said hackers e-mailed fake resumes to senior industrial control engineers who have access to critical industrial control systems.
The resumes were Microsoft Word documents that contained malicious code, which allowed attackers to steal the recipient’s credentials once a document is opened.
“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” DHS said in a joint statement with the FBI.
The report suggested that the attacks were carried out by an “advanced persistent threat” actor — a term that cybersecurity specialists use to refer to government-sponsored hackers, the Times noted.
Sources told the publication that the hackers’ techniques were similar to those of the Russian hacking group dubbed “Energetic Bear,” which has been linked to attacks against the energy sector.