Hackers may have managed to gain access to the control room of a Japanese nuclear power plant that could be used to produce fissionable material and potentially weaponize the material, but the incident could also pose serious risks to other plants around the world.
A group of hackers known as Project Zero has published a white paper detailing a technique that they say they used to access the system and that they said is designed to penetrate the reactor’s control systems.
In the paper, they say the hackers were able to gain “full control” of the control center and then control the reactor itself, but said they were unable to access any of the equipment or personnel within the plant.
The group has claimed credit for several attacks against plants in recent years, including a 2011 attack that crippled a power plant in the United States and a 2010 attack on the U.S. uranium mining giant Uranium One.
The paper by Project Zero also claims to have “fought against cybercrime groups such as the Black Hat security team and other organizations that seek to disrupt nuclear power systems,” but has not provided evidence of any of these attacks.
The researchers have not been able to confirm the claim that they were able access the control rooms of the two reactors, but they did say that they are aware of the vulnerability and are working on a patch.
The company that controls the facility, Tokyo Electric Power Co., said it has not been notified of any attacks by Project Zeros since the publication of the paper.
The Japanese government, which oversees the nuclear industry, has not said whether it has any information about the incident, although the Japanese government has issued warnings about cyberthreats.
Japanese Prime Minister Shinzo Abe has said the nuclear power industry is facing a “challenge” and said he is concerned about the potential risks.
“The nuclear power sector is in danger of being compromised and vulnerable to cybercrime attacks,” Abe said in a statement Thursday.
“We are going to work closely with the Japanese authorities to determine the root cause of this cybercrime.”
In October, a U.K.-based cybersecurity firm announced that it had discovered a hacking attack that targeted the system of the British nuclear reactor at Cern in Switzerland.
A team of about 200 researchers and engineers had discovered that hackers were exploiting a bug in the system to remotely seize control of the facility’s computer systems.
The Cern group said it had been attacked after discovering the breach, which had taken place over the course of several days.
The attack was believed to have been conducted by a group called the CyberCaliphate, which is believed to be affiliated with al Qaeda.