top of page

UK nuclear waste company targeted in cyber-attack

The organisation in charge of overseeing the management of the UKs radioactive nuclear waste has reported that they were the subject of an attempted cyber attack, and have highlighted that LinkedIn was utilised to facilitate the social engineering aspect of the attack.



The £50 billion Geological Disposal Facility (GDF) project, led by the United Kingdom's Radioactive Waste Management (RWM), aims to establish a substantial underground nuclear waste repository in the country.


RWM, a government-owned entity, facilitated the merger of three nuclear bodies - namely, the GDF project, the Low-Level Waste Repository, and another unnamed waste management entity - to form Nuclear Waste Services (NWS).


Although the full details of the attack or the tactics employed haven’t been released, a statement from Nuclear Waste Services highlights LinkedIn as a key element to the tactics and techniques employed by those responsible.




An NWS spokesperson said:

“NWS has seen, like many other UK businesses, that LinkedIn has been used as a source to identify the people who work within our business. These attempts were detected and denied through our multi-layered defences”.

LinkedIn has long been a repository of useful insights into the people working within organisations that can then be targeted by threat actors. Several campaigns seen in 2023 were reported, highlighting how data from LinkedIn such as job title, department worked in, details of colleagues/line managers were being leveraged by threat actors to aid phishing campaigns.


In early December last year, The Guardian Newspaper also reported that Sellafield had been the subject of cyber attacks from Russian and Chinese state sponsored threat actors, with malware detected within the systems at the site as far back as 2015.


The UK government were quick to respond to these claims with a flat denial of the details being made public by the media outlet.


Organisations should remain vigilant regarding the use of LinkedIn and to think carefully regarding any emails which may be equipped with familiar information that could have been gathered from LinkedIn, even if they appear to be from a trusted source.


Related articles:


 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page