Sellafield nuclear site compromised by Russian and Chinese hackers

Skull and Crossbones
(Image credit: Shutterstock)

The UK Sellafield site has been breached by hackers with links to Russia and China’s governments, the Guardian has revealed.

The site is listed as the UK’s most hazardous, and contains the world’s largest store of plutonium, alongside highly sensitive data relating to nuclear attacks and disasters.

The breach has been traced as far back as 2015 after experts uncovered malware within the Sellafield site’s computer systems.

Cyber Chernobyl?

Originally designed to produce plutonium for nuclear weapons research and production during the Cold War, the site has also seen extensive use for power production, and nuclear fuel reprocessing and waste storage.

The site has over 11,000 staff, and has taken in spent radioactive fuel from a number of other countries for processing. The site is guarded by armed police, but its cyber network is apparently not offered the same level of security, and was last year placed into “special measures” due to its poor cyber security.

Among a number of other failings, it was found that contractors working on the site were able to access the network unsupervised, and workers on an external site could also access the Sellafield network.

Ed Miliband, the shadow secretary of state for energy security and net zero, commented that it was a “very concerning report about one of our most sensitive pieces of energy infrastructure”.

“It raises allegations that must be treated with the utmost seriousness by government. The government has a responsibility to say when it first knew of these allegations, what action it and the regulator took and to provide assurances about the protection of our national security.”

There is currently no information on exactly what information was stolen by the hackers, but Guardian sources suggested that even the most confidential information on the site could have been accessed by hackers.

According to the Office for Nuclear Regulation, it is expected that individuals will be charged for the site’s cybersecurity failings, and there are suggestions that the Sellafield network is so outdated and vulnerable that a brand new network should be built to replace it’s current systems.

More from TechRadar Pro

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.