Iranian hacking group Black Reward has claimed responsibility for a breach at the email server of the country's Bushehr nuclear power plant, in support of nationwide protests over the death of a young woman in police custody. Credit: Shutterstock 2033447216 The Atomic Energy Organization of Iran on Sunday confirmed that an email server at its Bushehr Nuclear Power Plant was hacked. The organization blamed a foreign country, but an Iranian hacking group that goes by the name Black Reward has claimed responsibility for the breach.The Atomic Energy Organization said that the IT group serving the Bushehr plant has examined and issued a report on the breach, and denied any sensitive information being exposed. The energy agency said the hack was intended to gain the attention of the public and media.“It should be noted that the content in users’ emails contains technical messages and common and current daily exchanges,” according to a statement on the organization’s website. “It is obvious that the purpose of such illegal efforts, which are carried out of desperation, is to attract public attention.” The Bushehr plant’s IT group has taken preventative measures in the wake of the hack, according to the atomic energy group. Despite the energy organization’s claims that the email hack was the result of nation-state cyberespionage, an Iranian hacking group that goes by the name Black Reward posted on Telegram and Twitter that it had hacked information about Iran’s nuclear activity at the Bushehr plant. The group claimed in posts on Saturday—a day before Atomic Energy Organization’s confrmation of the breach—that the hack was in support of the ongoing nationwide protests over the death of a young woman, Mahsa Amini, in police custody.Amini was taken into custody by the government’s morality police for allegedly not wearing her hijab properly. Her death in custody has sparked violent clashes between demonstrators and authorities for the last few weeks. Black Reward threatened to release hacked information in 24 hours unless the authorities released political prisoners and people arrested during the recent unrest.On Sunday, the group posted a link to their Telegram channel, from where the information can be downloaded. The information is a “cleaned, browser-viewable version” of about 85,000 email message, “perfect for researchers and journalists,” the group said on Twitter.The group claimed the leaked information included management and operational schedules of different parts of the Bushehr power plant, along with visas and passport information of Iranian and Russian nuclear experts working there, financial receipts, as well as agreements with local and foreign organizations.The Bushehr nuclear power plant was built using Russian technology in 2011 and is Iran’s first nuclear plant situated along the Persian Gulf. This weekend’s cyberattack on Bushehr was not the first time Iran’s nuclear program has been targeted.Stuxnet, a malicious worm first uncovered in 2010 had targeted and caused substantial damage to Iran’s nuclear program by infecting Windows PCs in the country’s Natanz nuclear facility. It is believed to be a cyberweapon built jointly by the US and Israel. Stuxnet reportedly ruined almost one-fifth of Iran’s nuclear centrifuges by infecting over 200,000 computers and causing 1,000 machines to physically degrade. If the claims of Black Reward are true, then revealing the operations of the country’s nuclear infrastructure might pave the way for more attacks like Stuxnet. In addition, any correspondence regarding agreements between local and foreign organizations and Iran’s Atomic Energy Organization is sure to be scrutinized by international agencies, as the nation’s nuclear program is under the inspection to verify safety and ensure it is not developing any nuclear weapon. Related content news analysis Chinese threat actor engaged in multi-year DNS resolver probing effort The unusual and persistent probing activity over the span of multiple years should be a reminder to organizations to identify and remove all open DNS resolvers from their networks. By Lucian Constantin Apr 30, 2024 7 mins Cyberattacks Network Security news Securiti adds distributed LLM firewalls to secure genAI applications The new offering is aimed at protecting against prompt injection, data leakage, and training data poisoning in LLM systems. By Shweta Sharma Apr 30, 2024 4 mins Generative AI news UnitedHealth hackers exploited Citrix vulnerabilities, CEO to testify In the written testimony before the House Energy and Commerce Committee, CEO Andrew Witty said after gaining access, the threat actor moved laterally within the systems using sophisticated methods and exfiltrated data. By Prasanth Aby Thomas Apr 30, 2024 3 mins Hacker Groups Cyberattacks Vulnerabilities opinion Close the barn door now! Avoid the risk of not monitoring retained access before it’s a problem There’s usually a strict protocol for granting access to systems or data to a new employee or contractor. But there are perils in not keeping tabs on that access as that person moves around or leaves. By Christopher Burgess Apr 30, 2024 6 mins CSO and CISO Access Control Human Resources PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe