If you are a nuclear engineer and your email says, “this might be an attempt to steal your identity,” PLEASE take it seriously.

Hackers are trying to take over U.S. nuclear power plants by stealing the identities of the workers at the plants.

They are spoofing social media sites trying to infiltrate personal data.

Malware has been discovered in fake resumes aimed to steal engineers’ credentials.

If these hackers succeed, then they could potentially cause a nuclear meltdown like the Russians saw at Chernobyl.

The New York Times reports:

Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.

Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., according to security consultants and an urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation last week.

The joint report was obtained by The New York Times and confirmed by security specialists who have been responding to the attacks. It carried an urgent amber warning, the second-highest rating for the sensitivity of the threat.

There is no doubt that this is a serious attack, and a very serious threat against the U.S.

President Trump put a new Executive Order in place when he learned of it to help protect vulnerable U.S. infrastructure.

CNET reports:

For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the U.S., according to a new report from federal law enforcement officials.

One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week.

The FBI and Department of Homeland Security had an urgent amber warning, the second-highest rating for the severity of the threat.

Organizations running the nation’s energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks “one of the most serious national security challenges we must confront.”

President Donald Trump signed an executive order in May designed to bolster the United States’ cybersecurity by protecting federal networks, critical infrastructure and the public online. One section of the order focuses on protecting utilities grids like electricity and water, as well as financial, health care and telecommunications systems.

The government report didn’t indicate whether the purpose of the cyberattacks was espionage or physical destruction, but researchers concluded that hackers appeared to be mapping computer systems for future attack.

The origin of the attacks is also unclear, but sources told the Times that hackers’ techniques resembled those used by a Russian hacking group known as Energetic Bear, which has been linked to attacks on the energy sector since 2012.

The report comes amid heightened concern that the Russian government hacked the U.S. presidential election in November to ensure a victory for Republican Trump.

Hackers sent fake resumes containing malware to senior engineers who maintain broad access to critical industrial control systems, the government report said. When the recipients clicked on the documents, hackers could then steal their credentials, the Times reported.

A spokeswoman for the Wolf Creek Nuclear Operating Corporation declined to comment on the cyberattack but said there was “absolutely no operational impact” on the facility because corporate and operational networks are kept separate.

“The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet,” Wolf Creek spokeswoman Jenny Hageman said in a statement. “The plant continues to operate safely.”

Let us hope that those who work in critical facilities will remember that our safety often depends on their choice of passwords.

As CNBC reports:

News of the [2016] devastating breach at Yahoo stunned even the most seasoned security experts, given its impact on more than 500 million individuals.

Somewhat lost in the news of this attack and others including the U.S. Office of Personnel Management, Anthem, and the Democratic National Committee is that the impact of each of these breaches cannot be viewed in isolation. Rather, each is one node in a much bigger effort.

A closer examination of major breaches reveals a common theme: In every “major headline” breach, the attack vector has been the common password. The reason is simple: The password is by far the weakest link in cybersecurity today.

A breach of a nuclear power plant could have far more impact than this.