The United States has admitted that hackers attacking its nuclear power plants have already succeeded. Twice.
An investigation by the Nuclear Regulatory Commission, which oversees the US nuclear power grid, uncovered two incidents in which hackers were able to access its internal documents.
The NRC is tasked with managing information about nuclear reactors, including those which handle weapons-grade material.
One of the hacking incidents, as reported by NextGov, involved emails sent to 215 NRC employees designed to steal their login details.
Around 12 employees ended up falling for it, according to the report, entering their username and password into a Google spreadsheet. The IG Cyber Crime Unit then tracked that spreadsheet to a user "in a foreign country" - though it is not clear who was behind the simple attack.
Another attempt saw hackers embed a URL in an email which linked to "a cloud-based Microsoft Skydrive storage site", which itself hosted various malware designed to compromise computers. Further attacks involved breaking into the personal email account of an NRC employee and sending a virus-laden PDF file to other staff members.
Commission spokesman David McIntyre said that the NRC "detects and thwarts" the majority of these attempts, but admitted two had succeeded. It's not known for sure what information, if any, was taken.
"The few attempts documented in the OIG cyber crimes unit report as gaining some access to NRC networks were detected and appropriate measures were taken," he said.
Experts speaking to NextGov said that a foreign government was likely responsible.
"Clearly, the spearphishing is a technique that we've seen the Chinese and the Russians use before," said Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, to the website.
"Using the general logic, a nation state is going to be more interested in the NRC than you would imagine common criminals would be."