Attackers Target PNNL, Force Lab Off the Web

An attack against the Pacific Northwest National Laboratory has forced the lab to shut off access to the Internet, and the lab’s external Web site also is inaccessible right now. The attack on the lab, which conducts national security and cybersecurity research among other things, is the latest in a series of such attacks against research facilities.

PNNLAn attack against the Pacific Northwest National Laboratory has forced the lab to shut off access to the Internet, and the lab’s external Web site also is inaccessible right now. The attack on the lab, which conducts national security and cybersecurity research among other things, is the latest in a series of such attacks against research facilities.

On Tuesday, officials at PNNL in Richland, Wash., said that the facility was under siege from a “sophisticated” cyber attack and that they had been forced to sever the lab’s connection to the Internet altogether. It’s unclear right now what kind of attack hit PNNL, but it appears to have been ongoing for some time now.

A sophisticated cyberattack has shut down internet and email at PNNL. Full access will be restored once we can repel further attacks,” the lab said on its Twitter feed Tuesday.

PNNL is one of 16 national laboratories operated by the Department of Energy, and it is involved in a wide variety of research activities. Among the newer facilities at PNNL is the Computational Sciences Facility, which conducts research on cybersecurity, high performance computing and national security projects. The CSF came online in 2009, but in the last decade PNNL has been doing a large amount of work on homeland security projects.

The most prominent technology to come out of the facility probably is the system that’s used to scan incoming containers at ports of entry in the United States for nuclear and radiological weapons. PNNL is one of a number of national DoE labs that is managed by a private nonprofit organization called Battelle Memorial Institute. Among the other labs that Battelle manages is the Oak Ridge National laboratory in Tennessee, which was the target of a separate attack earlier this year.

The Oak Ridge attack was similar to the infamous attack on RSA this year in which employees were sent a well-crafted spear phishing email with a malicious attachment that, once opened, compromised the victim’s machine and gave the attacker access to the network.

In an analysis of the recent attacks on Department of Energy labs, Rafal Los of HP sees a possible connection among the operations and potential long-term trouble. The research labs share a common high-speed data link called the ESnet, which connects more than 40 DoE facilities in the U.S. and gives the researchers access to high-performance computing resources. Los wondered in his analysis what the consequences would be if ESnet itself were compromised.

It’s quite plausible to me that the attackers were after
credentials, and network access.  They didn’t appear to get away with
large quantities of information (at least not on the first pass), and
from the statement of ‘a few megabytes’ we can reasonably deduce that
the attackers could have been harvesting credentials from the machines
that were compromised.  Add that to the SQL Injected credentials stolen
and we have a party … or trouble on ESnet, if you ask me,” Los wrote.

The ESnet is a separate network from the labs’ own individual Internet connections.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.