Cyber attack UK’s ‘most dangerous’ nuclear site ‘hacked by groups tied to Russia and China’ in major security breach

INTERNATIONAL DESK: THE UK’s most dangerous nuclear site has been targeted by hackers allegedly tied to Russia and China in a major security breach.

Sellafield, on the coast of Cumbria, houses a 140-ton plutonium stockpile and processes radioactive waste generated by the UK’s working reactors.

The plant – previously known as Windscale and the site of a notorious disaster in 1957 – has been dubbed the “most hazardous place in Europe”.

Now, the Guardian has claimed Sellafield has been hacked into by cyber groups closely linked to Russia and China.

The effects have been “consistently covered up by senior staff” at the nuclear site, claims the paper.

The Guardian says it has discovered that authorities do not know exactly when the IT systems were first compromised.

But sources reportedly claimed breaches were first detected as far back as 2015, when experts realised sleeper malware, a sneaky type of software, was discovered in Sellafield’s networks.

Sources also suggested it is likely hackers from China or Russia had placed the malware.

The full extent of any data loss and any ongoing risks to systems was made harder to quantify by Sellafield’s failure to alert nuclear regulators for several years, it was claimed.

Sellafield denied the reports, and also said its critical computer networks could not be breached from the outside.

A spokesman told The Sun Online: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian.

“Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“This was confirmed to the Guardian well in advance of publication, along with rebuttals to a number of other inaccuracies in their reporting.

“We have asked the Guardian to provide evidence related to this alleged attack so we can investigate. They have failed to provide this.

“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection.

“Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these.”

The Office for Nuclear Regulation confirmed Sellafield is failing to meet its cyber standards but declined to comment on the alleged breaches, or claims of a “cover up”.

The watchdog said: “Some specific matters are subject to ongoing investigations, so we are unable to comment further at this time.”

The revelations are part of The Guardian’s year-long investigation into cyber hacking, radioactive contamination, and a toxic workplace culture at Sellafield — which has world’s largest plutonium stockpile and is a repository for nuclear waste.

Built more than 70 years ago, it produced plutonium for nuclear weapons during the Cold War and accepted radioactive waste from other countries, such as Italy and Sweden.

It comes after bomb disposal experts were called to the plant in 2018 following a security incident.

Their report found the site had failed to identify the risks of out of date chemicals, the Daily Mail reported.

Incidents logged at Sellafield include radiation leaking from a water pipe and a nuclear waste container that was not welded completely shut.

Other alerts were triggered when potentially harmful uranium powder was spilled and acid was discovered leaking from a bust pipe. (THE SUN)