French nuclear power group Areva was the target of a cyber attack in September, according to a recent post on the website of French business magazine L’Expansion.
There were conflicting reports about the incident, which raises the specter of nation-backed spying. Some accounts, including one from Slate Magazine’s French language site, claim that the attack was serious, with hackers enjoying consistent access to Areva’s computers for up to two years. Others, including a report from France Info, one of the nation’s largest public radio stations, said the breach extended only to “non-critical” information of the group.
Areva has not commented on the incident publicly. Calls made to the company were not immediately returned on Monday.
Word of the incident first came to light on September 16, when employees of the firm were notified that there would be three days of maintenance performed on the company’s system to “strengthen security measures.” These security measures, implemented in conjunction with the National Security Agency Information Systems (ANSSI), appear to be in direct response to the break-in.
Areva employs 5,000 in the United States across 40 locations and is on track to open a gas centrifuge uranium enrichment plant in Idaho, its first in the U.S., in 2014 according to Bloomberg Businessweek.
The incident recalls the Stuxnet attacks in 2010, which affected nuclear plants world wide and are believed to have begun as targeted attacks against Uranium enrichment facilities within Iran. With little known about the Areva attack, however, comparisons to a sophisticated, targeted attack like Stuxnet are premature.