Plutonium

Threat Actor updated 4 months ago (2024-05-04T19:07:23.643Z)
Plutonium, a threat actor with potentially global implications, has been involved in several critical incidents. The group's activities have been traced back to the 1960s when alleged Israeli scientists visited NUMEC, claiming to obtain plutonium-238 for non-nuclear projects. The lack of stringent regulations from the Atomic Energy Commission (AEC) during this period made it challenging to track potential losses or misuse of nuclear materials. Furthermore, the AEC did not require security clearances for all personnel handling nuclear material, as per Glenn Seaborg, former AEC chairman. This lax regulatory environment may have facilitated Plutonium's access to these dangerous resources.

In recent years, the threat posed by Plutonium has become increasingly alarming. North Korea has reportedly begun operating a light-water reactor at its primary nuclear complex, potentially securing a new source for weapons-grade plutonium. Simultaneously, there are concerns about the security of Sellafield, the site with the planet's largest store of plutonium and a repository for nuclear waste. As early as 2015, advanced persistent threats (APTs) backed by Russia and China have breached Sellafield's IT systems, an issue that has allegedly been consistently covered up by senior staff.

Looking forward, the situation remains fraught. Kim Jong-un's vow to ramp up production of plutonium and uranium suggests further escalation. The operation of a new reactor at North Korea's Yongbyon nuclear complex could provide another source of plutonium for nuclear weapons, exacerbating the threat. Considering these developments, it is crucial to address the risks posed by Plutonium and other such threat actors urgently and effectively.
Description last updated: 2024-05-04T16:53:43.236Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| Andariel | 2 | Andariel, a state-backed threat group linked to North Korea's Reconnaissance General Bureau, has been identified as a significant cyber threat. The group has demonstrated its capabilities by compromising critical national infrastructure organizations, accessing classified technical information and i |
| Onyx Sleet | 2 | Onyx Sleet, also known as Andariel, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, is a threat actor associated with North Korea's state-sponsored cyber operations. This group operates under the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau, based |
| CVE-2023-42793 | 2 | CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Sellafield
Nuclear
Teamcity
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| ZINC | Unspecified | 2 | Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been actively involved in cyberattacks on global media, defense, and IT industries. Microsoft's Threat Intelligence Center has been tracking the group's activities, which have included weaponizing open-source softw |
Source Document References
Information about the Plutonium Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| DARKReading | 5 months ago | Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings |
| BankInfoSecurity | 5 months ago | UK Nuclear Cleanup Site Faces Criminal Cybersecurity Charges |
| CERT-EU | 8 months ago | North Korea’s Kim vows to launch 3 more spy satellites and produce more nuclear materials in 2024 |
| CERT-EU | 8 months ago | Kim Tells North Korea to Prepare for War He Says Is Inevitable |
| CERT-EU | 8 months ago | North Korea warns war inevitable, builds up spy satellites and nuclear arsenal |
| CERT-EU | 8 months ago | N. Korea’s new nuclear reactor likely fully operational next summer: Seoul |
| CERT-EU | 8 months ago | Techrights — Links 24/12/2023: Kangaroo Court Update and a Merry Christmas |
| DARKReading | 9 months ago | Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare |
| InfoSecurity-magazine | 9 months ago | Sellafield Accused of Covering Up Major Cyber Breaches |
| CERT-EU | 9 months ago | Credit Union outages, Nuclear site breach \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | Sellafield rubbishes allegations of covering up a major malware attack in 2015 |
| CERT-EU | 9 months ago | British Nuclear Power Facility Attacked |
| CERT-EU | 9 months ago | Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | a year ago | Cisco finally patches IOS XE after six days of zero day hits |
| CERT-EU | a year ago | North Korea ramps up intelligence-gathering cyberattacks |
| CERT-EU | a year ago | North Korean hackers exploit critical TeamCity flaw to breach networks |
| Malwarebytes | 2 years ago | CISA issues alert with South Korean government about DPRK's ransomware antics |
| CERT-EU | a year ago | What Lies Beneath |