View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 4, 2023updated 05 Dec 2023 9:19am

Sellafield nuclear site ‘hit by cyberattacks from Russian and Chinese hackers’

The nuclear site reportedly had malware laying dormant on its network for years, and failed to inform the authorities.

By Matthew Gooding

Sellafield nuclear site has denied claims it has been the victim of cyberattacks by hackers linked to Russia and China, who reportedly left malware in its networks undiscovered for years. The site has been criticised by a nuclear industry regulator for shortcomings in its cybersecurity measures and could face further action.

The Sellafield nuclear site has reportedly been hit by cyberattacks. (Photo by Steve Allen/Shutterstock)

Formerly a nuclear power station, the 650-acre Sellafield site in Cumbria is now used for nuclear waste processing and decommissioning. According to an investigation from the Guardian, security breaches have been detected in its networks dating back to 2015.

Sellafield nuclear site’s cybersecurity deficiencies

Malware was first detected on Sellafield’s network as far back as 2015, according to the Guardian investigation dubbed ‘Nuclear Leaks’. It is thought to have been planted by hackers with links to Russia and China, according to a source quoted by the newspaper.

It is alleged that Sellafield, which employs 11,000 staff, failed to disclose the breaches for several years, and that the problem only came to light when staff at a third party discovered they were able to access Sellafield’s network from external machines, and called in the Office for Nuclear Regulation (ONR). It has since been investigated by the industry regulator, which has found shortcomings in the site’s cybersecurity provisions and may launch prosecutions, the Guardian claims.

An ONR spokesperson said Sellafield was failing to meet cybersecurity standards, and said: “Some specific matters are subject to ongoing investigations, so we are unable to comment further at this time.” The organisation’s most recent annual report said that “improvements are required” by Sellafield when it comes to cybersecurity.

A Sellafield spokesperson said: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state actors in the way described by the Guardian.

“Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.” The spokesperson added that the company takes “cyber security extremely seriously” and that all its systems and servers have “multiple layers of protection”.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Critical infrastructure under attack

Critical infrastructure sites like Sellafield are attractive targets for nation-state-backed hackers, and the UK and its allies in the Five Eyes security alliance have issued repeated warnings in recent years that providers of power and communications infrastructure could be subject to attacks.

Last month, the UK’s National Cybersecurity Centre (NCSC) warned in its annual report that critical infrastructure sites need better cybersecurity, but that the situation is improving. The government has said it will set cybersecurity targets for infrastructure providers to ensure their defences are up to scratch.

Jamie Ahktar, CEO and co-founder at security vendor CyberSmart, said: “It almost goes without saying, but the details of this breach are very concerning. Not only does the potential identification of ‘sleeper’ malware illustrate the sophistication of state-sponsored attacks but if the breach has lain undetected since 2015 it poses serious questions about Sellafield’s cyber defences.

“Given that the site has faced several problems with its cybersecurity over the years, we hope this incident serves as a reminder, not just to Sellafield, but to all parts of the UK’s critical infrastructure and the small businesses that work in tandem with it to take cybersecurity seriously.”

Read more: BlackCat claims to have hacked Sills & Betteridge

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.