Feb 14 2023

House Committees’ Inquiry into National Labs Spotlights the Threat of Spear-Phishing

The White House warned organizations nearly a year ago of the Russian threat and the need for modern security tools and training.

A joint inquiry by the House Committee on Oversight and Accountability and the House Committee on Science, Space and Technology into a Russian hacking team’s attempts to target at least three of the Department of Energy’s National Laboratories serves as a reminder that spear-phishing campaigns remain an ever-present threat to agencies.

By Feb. 16, the committees are seeking documents and communications between the DOE; the Brookhaven, Argonne and Lawrence Livermore national labs; and any other labs, agencies or contractors affected by the hacking attempts.

Cold River, a team known to support Russian government information operations, reportedly created false login pages for the three labs in question and emailed links to nuclear scientists seeking their passwords in August and September. House lawmakers want to know how successful the spear-phishing campaign was.

“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” notes a letter sent by the committees’ leadership to DOE Secretary Jennifer Granholm. “The committees request documents and information related to these incidents to determine the impact of the attempted intrusions and evaluate what DOE is doing to ensure the continued security of sensitive scientific research and development at its National Laboratories.”

Scientists at the Brookhaven National Laboratory research nuclear and particle physics. Lawrence Livermore National Laboratory scientists research the safety and security of the U.S. nuclear deterrent. Argonne National Laboratory scientists research multidisciplinary engineering.

The committees requested documents and communications from July 1, 2022, to the present.

LLNL referred FedTech to the National Nuclear Security Administration. An NNSA spokesperson says DOE has the processes in place to monitor, detect and mitigate cyberthreats and the IT and cybersecurity expertise to protect its systems.

“At this time, there is no evidence that NNSA networks or information systems were impacted by this event,” the spokesperson says. “NNSA currently maintains operations at an information operations condition level yellow, which allows for a proactive posture to identify, respond to and mitigate cyberthreats.”

The INFOCON level is yellow due to “elevated threat activity worldwide” and not “specific cyberattacks against NNSA,” the spokesperson says.

Cold River targeted U.S. allies in the past on behalf of the Russian government. In a March 2022 fact sheet, the White House warned public sector companies this threat might increase following the imposition of sanctions on Russia over its invasion of Ukraine.

The Importance of a Cyber Strategy and Training

A 2022 Proofpoint report notes that 26 percent of U.S. workers surveyed clicked an email link leading to a suspicious website. For this reason, agencies need a cyber strategy in place for protecting sensitive information. The White House recommends:

Training takes a variety of forms, such as benchmarking individual or team cyber skills against the industry, then investing in a course package that fills identified gaps. It can also include classes on specific security tools, or on the customization of a workforce development program with multiple learning tracks.

External security maturity assessments frequently find poor cyber hygiene to be a problem within agencies, increasing the need for training on the fundamentals of vulnerability management and administrator access.

“A business may furnish a laptop to an employee without restricting privileges, and then the employee’s child will download malware-infected games onto the device,” writes Jeremy Wilder, security enterprise architect at CDW, in a blog. “These are simple problems, but we see them over and over in our practice.”
