INL uncovered a cybersecurity incident, revealing unauthorized access to sensitive data.
SiegedSec, a politically motivated threat group, claimed responsibility for breaching the crucial US-based research facility, Idaho National Laboratory (INL), at the forefront of nuclear energy research for decades.
The attackers asserted they obtained a significant amount of sensitive information about INL’s personnel, including names, dates of birth, email addresses, phone numbers, Social Security numbers (SSNs), home addresses, employment details, and other pertinent data. Cybernews researchers independently verified the leaked dataset, confirming its sensitivity.
INL confirmed the breach to Cybernews, stating that the attack impacted the Oracle Cloud Human Capital Management (HCM) system. An INL spokesperson conveyed via email that on November 20, the laboratory determined that it was the target of a cybersecurity breach affecting the servers supporting its Oracle HCM system, which handles Human Resources applications. The laboratory took immediate measures to safeguard employee data.
The laboratory reported the incident to law enforcement agencies, including the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The attackers, communicating through their Telegram channel, alleged that the lab’s Oracle platform sent a juvenile announcement to all INL employees. This platform is commonly used by companies for data management, analysis, reporting, and human resources administration.
With a research history dating back to the 1940s, INL has been a leading institution in nuclear power exploration, conducting critical tests on the impact and utilization of nuclear reactors. Additionally, the laboratory explores energy applications for vehicles and spacecraft, employing a workforce of over 5,300 individuals.
SiegedSec’s Role in Cybersecurity Intrusions
SiegedSec’s politically motivated attacks are evident as they claim participation in a coordinated operation against Israel on their Telegram channel, as reported by Cybernews. The group specifically targeted the Israeli airline Israir. In a previous incident, they stole information from NATO’s Communities of Interest (COI) Cooperation Portal. Emerging during the Russian invasion of Ukraine last February, SiegedSec initially targeted victims randomly.
However, after the Hamas attacks on October 7th, they actively joined “Operation Israel,” focusing on the country’s vital systems. Collaborating with the Russia-linked Anonymous Sudan group, SiegedSec openly declared its intent to target critical infrastructure in Israel, including telecommunications and industrial control systems.