Three U.S. National Labs Attacked on July 1

Via Digital Dao (Jeffery Carr) -

On July 1, 2011, Battelle Memorial Institute suffered a "sophisticated" attack against its network which also impacted Pacific Northwest National Lab and one other lab which wasn't named. Both PNNL and Battelle shut down their email servers and their Internet access as a precaution. As of 0200 03JUL2011, Battelle's website was still down (battelle.org) while PNNL.gov was functioning normally. Oak Ridge National Lab suffered a similar attack on April 11 which involved a spear phishing email with an human resources related theme that exploited a 0-day in the IE browser. Battelle manages several Department of Energy labs including:

• Brookhaven National Laboratory
• Idaho National Laboratory
• National Renewable Energy Laboratory
• Oak Ridge National Laboratory
• Pacific Northwest National Laboratory
• Lawrence Livermore National Laboratory

EMC's RSA SecurID division was compromised in a similar way in early March, 2011 via a spear phishing attack with a HR-related theme. In RSA's case it exploited an Adobe Flash 0-day. While Battelle and its managed national labs are all RSA SecurID customers, there is no publicly available information on the ORNL, PNNL, or Battelle attacks which suggests that the SecurID breach played a role at this time.

--------------------------------------------------------------------------------------------------

It is pretty well known, APT actors like to take advantage of long holiday weekends.

It shouldn't come as a surprise APT actors would target National Labs, as they are heavily involved in classified scientific research - impacting the DoD, DoE, and other agencies. The data would be of significant strategic interest to other nation-states.