Plutonium

Threat Actor updated 23 days ago (2024-11-29T14:36:18.821Z)
Plutonium, also known as Jumpy Pisces and Andariel, is a notable threat actor historically involved in cyberespionage, financial crime, and ransomware attacks.

Recent reports indicate that this group has been breaching the IT systems of Sellafield, a site that holds the world's largest stockpile of plutonium, since 2015. These cyberattacks, reportedly backed by Russia and China, have allegedly been consistently covered up by senior staff at the site. The Group Cyberspace Collaboration Centre (GCCC), opened by the Nuclear Decommissioning Authority (NDA) near Sellafield, is likely to be a focal point for future cybersecurity efforts.

The nuclear landscape is further complicated by recent activities in North Korea. The U.N. atomic agency and independent experts suggest that North Korea has begun operating a light-water reactor at its main nuclear complex, potentially securing a new source of weapons-grade plutonium. This development could enable Pyongyang to produce tritium for hydrogen bombs or to conduct tests toward small nuclear reactors for nuclear-powered submarines.

The lax regulatory environment of the mid-20th century, characterized by loose oversight of uranium and plutonium shipments, has contributed to the current situation. Former Atomic Energy Commission (AEC) chairman Glenn Seaborg noted the difficulty of tracking losses in America's nascent nuclear industry due to poor accounting and government regulations. These historical oversights, coupled with ongoing cyber threats from groups like Plutonium, underscore the urgent need for robust security measures in the nuclear sector.
Description last updated: 2024-11-28T11:55:29.034Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes

Andariel (votes: 3)
Andariel is a possible alias for Plutonium. Andariel, a threat actor controlled by North Korea's military intelligence agency, the Reconnaissance General Bureau, has been actively conducting cyber espionage and ransomware operations. The group funds its activities through ransomware attacks primarily targeting U.S. healthcare entities. In som

CVE-2023-42793 (votes: 2)
CVE-2023-42793 is a possible alias for Plutonium. CVE-2023-42793 is a critical security vulnerability identified in JetBrains TeamCity build management and continuous integration server. This flaw, characterized by an authentication bypass, was exploited by multiple threat actors throughout 2023 and into 2024. The first notable exploitation occurre

Onyx Sleet (votes: 2)
Onyx Sleet is a possible alias for Plutonium. Onyx Sleet, also known as Andariel, Silent Chollima, and Stonefly, is a North Korean state-sponsored cyber group under the RGB 3rd Bureau. This threat actor utilizes an array of malware to gather intelligence for North Korea, primarily conducting cyberespionage, but also engaging in ransomware activ
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Sellafield
Nuclear
Teamcity
Associated Threat Actors
Alias | Description | Association Type | Votes

ZINC (association type: Unspecified; votes: 2)
The ZINC Threat Actor is associated with Plutonium. Zinc, also known as Diamond Sleet, is a North Korea-based threat actor group that has been active since 2009. This group is notorious for its cyber-attacks aimed at collecting political, military, and economic intelligence on North Korea's foreign adversaries, and executing currency generation campa
Source Document References
Information about the Plutonium Threat Actor was read from the documents corpus below. This display is limited to 20 results.

Source | Created at
InfoSecurity-magazine | 24 days ago
Unit42 | 2 months ago
DARKReading | 9 months ago
BankInfoSecurity | 9 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
DARKReading | a year ago
InfoSecurity-magazine | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Malwarebytes | 2 years ago
CERT-EU | a year ago