Russian and Chinese-linked cyber groups have hacked a major nuclear waste site in the U.K., a year-long investigation by the Guardian revealed on Dec. 4.
Sellafield, on England's northwest coast, is one of the most hazardous nuclear sites in existence. It has been used to dump nuclear waste from atomic power generation and weapons programs since 1959, turning it into the world's largest store of plutonium.
Security officials see cyber-attacks by Russia and China on civil infrastructure such as nuclear sites as one of "the biggest threats to the U.K.," the Guardian said.
Sellafield's insecure servers resulted in foreign hackers gaining access to high-level confidential material, which could include radioactive waste movements, leak monitoring, and fire checks.
The Guardian reported that emergency planning documents, used in case the U.K. comes under foreign attack, could have also been compromised.
"Sources suggest it is likely foreign hackers have accessed the highest echelons of confidential material at the site."
Breaches were first discovered in 2015, but "the authorities do not know exactly when the IT systems were first compromised," the Guardian said. The plant also failed to alert the Office for Nuclear Regulation (ONR) for "several years," sources told the newspaper.
The scale of the issue was revealed when external staff "found that they could access Sellafield's servers and reported it to the ONR."
While the ONR "confirmed Sellafield is failing to meet its cyber standards," the regulator declined to comment on breaches or claims there had been a "cover up."
Lax security protocols appear to be a broad issue. The Guardian noted that in July 2022, login details and passwords for Sellafield's IT systems were momentarily shown during an episode of a popular BBC nature series filmed at the site.
Amid the ongoing full-scale invasion, Ukraine frequently reports attempted Russian cyber-attacks and hacks.
Reuters reported in September that Russian hackers were targeting computer systems at law enforcement agencies in Ukraine in an attempt to gather intelligence on war crimes probes.
The National Security and Defense Council warned in February that the number of Russian cyberattacks on Ukraine has almost tripled compared to 2021, targeting logistics, military facilities, government databases, and information resources.