Reaction score
SiegedSec asserts the exposure of crucial data.
On Telegram this Sunday, the hacker collective SiegedSec, recognized for its politically driven offensives, declared the successful infiltration of the personnel management application at the Idaho National Laboratory. The group asserts having acquired comprehensive information regarding the personnel affiliated with this nuclear research facility.
The hackers purportedly gained entry to intricate details about lab employees, encompassing complete names, social security numbers, banking details, and addresses. While the group disclosed some pilfered data, verification of the entirety of the claimed information was unattainable.
Lab spokeswoman Laurie McNamara acknowledged the security breach but indicated that the magnitude of the occurrence is still under assessment.
Despite the absence of an elucidation from the hackers regarding their selection of this specific lab, the breach constitutes a significant menace to U.S. national security. Scientists at the Idaho National Laboratory are engaged in clandestine defense initiatives, safeguarding critical infrastructure. The compromise of personal data provides assailants with avenues for infiltrating the laboratory on behalf of foreign intelligence services.
Included in the disclosed files is an exhaustive inventory of recent layoffs and their justifications. Additional documents contain over 6000 active social security numbers. As of October 2022, the laboratory maintained an employee count of approximately 5,500.
Another dossier encompasses data exceeding 58,000 entries, encompassing details on current, terminated, and former personnel. Portions of the stolen files are timestamped October 31, 2023.
In response to the incident, the lab has enlisted the FBI and the Cybersecurity Agency for investigative purposes. Oracle and the FBI opted not to provide comments.
The Idaho National Laboratory is one of the 17 research centers affiliated with the U.S. Department of Energy, specializing in nuclear power, energy security, and broader national security concerns, including cyber defense.
The method by which SiegedSec infiltrated the HR management application and extracted such an extensive dataset comprising diverse personal information remains ambiguous.
Oracle characterizes the targeted HR product as "a comprehensive cloud-based solution that integrates every human resource management process - and every individual - in your enterprise."
This incident marks not the first instance of U.S. national laboratories falling prey to hackers. These laboratories, engaged in diverse realms from nuclear weaponry to renewable technologies, have been subjected to various state-sponsored cyberattacks. Earlier this year, Brookhaven, Argonne, and Lawrence Livermore labs encountered hacking endeavors.
SiegedSec, the group claiming responsibility for the breach, has a track record of executing politically motivated cyber assaults, previously alleging infiltration of NATO systems. In October, the group purportedly stole around 3,000 documents in their last assault on NATO.
The group has expressed a disinterest in hacktivist pursuits, defining themselves as more prone to unlawful activities than activism. Their past actions involve attacks on U.S. states imposing restrictions on gender reassignment and abortion-related medical care. Notably, the group recently claimed responsibility for an assault on Israel's infrastructure.