Investor group seeks probe into SEC hack, urges data rules delay

FILE PHOTO: The headquarters of the U.S. Securities and Exchange Commission (SEC) are seen in Washington, U.S., on July 6, 2009. REUTERS/Jim Bourg/File Photo

By Michelle Price

WASHINGTON (Reuters) – A global investor group on Friday called for an independent investigation into a cyber breach at the U.S. Securities and Exchange Commission (SEC) and urged the regulator to delay new data-gathering rules until it could assure investors that its computer systems were secure.

Wall Street’s top regulator came under fire on Thursday after admitting hackers had breached its database of corporate announcements in 2016 and might have used it for insider trading.

The Investment Company Institute (ICI), which represents over 95 million U.S. shareholders, wants the SEC to clear up concerns about its cyber defenses before requiring funds to submit monthly performance data to the regulator, Paul Schott Stevens, the group’s chief executive, told Reuters in a phone interview.

“What the SEC breach now makes very clear is precisely what we were concerned about – that market-sensitive information of that nature can be exploited to the disadvantage of millions and millions of investors,” Stevens said.

ICI, whose members hold $20 trillion plus in assets, has raised concerns about how the SEC safeguarded industry data it gathers since 2015.

“I’m certain there will be a full inquiry by the Government of Accountability Office – and there should be, so we understand exactly what happened here,” Stevens said.

In a July report, the Government Accountability Office (GAO), a congressional watchdog, criticized the SEC for failing to fully protect its computer networks from cyber attacks and recommended a slew of improvements. Some of the recommendations it had made in previous reports had still not been implemented, it noted.

Former SEC Chair Mary Jo White, in office when the hack occurred, told Reuters in 2016 that cyber security posed the biggest risk to the U.S. financial system.

Her successor, Jay Clayton, uncovered the full extent of the hack after launching a review of the SEC’s cyber security standards earlier this year.

“Some recommendations the GAO made haven’t yet been implemented. There’s obviously a failure here of some kind. That’s why we’re so glad Chairman Clayton has moved to address this,” said Stevens.

The SEC declined to comment.

New reporting rules which start to come into force in December would require funds for the first time to confidentially file complete monthly portfolio holdings with the SEC, data which the ICI has said could easily be used for insider trading if obtained by hackers.

“Until that information security environment has been established, funds should continue to collect data quarterly, not monthly information, as quarterly data is not nearly as sensitive,” said Stevens.

The SEC disclosure came two weeks after credit-reporting company Equifax Inc said a breach had exposed sensitive personal data of up to 143 million U.S. customers. This followed last year’s cyber attack on SWIFT, the global bank messaging system.

Stevens said rules governing the disclosure of such breaches should be tighter for both public and private organizations.

“That disclosure obligation fixes the mind on need to fix the breach in the first instance.”

(Reporting by Michelle Price; editing by Richard Chang and Jonathan Oatis)

Exclusive: U.S. Homeland Security found SEC had ‘critical’ cyber weaknesses in January

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the U.S. market regulator’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC. But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

The hack, two weeks after credit-reporting company Equifax <EFX.N> said hackers had stolen data on more than 143 million U.S. customers, has sent shockwaves through the U.S. financial sector.

An SEC spokesman did not have any comment on the report’s findings.

It is unclear if any of those critical vulnerabilities, detected after a scan of 114 SEC computers and devices, still pose a threat.

During the Obama administration, such scans were done on a weekly basis.

“I absolutely think any critical vulnerability like that should be acted on immediately,” said Tony Scott, the former federal chief information officer during the Obama administration who now runs his own cybersecurity consulting firm.

“This is what was at the root of the Equifax hack. There was a critical vulnerability that went unpatched for some long period of time. And if you’re a hacker, you are going to … try to see if you can exploit it in some fashion or another. So there is a race against the clock.”

For the past several years, the Department of Homeland Security has been producing a report known as the “Federal Cyber Exposure Scorecard.” It provides a weekly snapshot to more than 80 civilian government agencies about potential outstanding cyber weaknesses and how long they have persisted without being patched.

A directive by Homeland Security requires agencies to address critical vulnerabilities within 30 days, though sometimes that deadline can be difficult to meet if it might disrupt a government system.

The January snapshot shows improvements have been made across the government since May 2015, when there were a total of 363 critical vulnerabilities on devices across all of the civilian agencies, according to the report.

As of January 23, by contrast, there were a total of 40 critical vulnerabilities across the agencies reviewed by DHS and another 280 weaknesses categorized as “active high,” which is the second most severe category.

The top four agencies with the most “critical” vulnerabilities as of January 23 included the Environmental Protection Agency, the Department of Health and Human Services, the General Services Administration and the SEC.

However, more vulnerabilities do not necessarily mean one agency is worse than another because things depend on how many computers or devices known as “hosts” were scanned and what kinds of information could potentially be exposed.

“All it takes is one,” Scott said. “You can have one host and one vulnerability and your risk might be 10 times as high as someone who has 10 hosts and ten vulnerabilities.”

(Reporting by Sarah N. Lynch; Editing by Nick Zieminski)

Equifax says 100,000 Canadians likely affected by data breach

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

TORONTO (Reuters) – Credit scoring company Equifax Inc said on Tuesday that the personal details of around 100,000 Canadians were exposed in the massive breach it disclosed earlier this month.

The company said criminals got access to files containing personal information of some Canadian consumers – including names, addresses, social insurance numbers and in some cases credit card information – via a consumer website application intended for use by U.S. consumers.

It was the first estimate of Canadian exposure the company has provided since saying on Sept. 7 that Canadian and UK residents were also at risk in the attack, in which details on some 143 million U.S. consumers had been exposed.

Lisa Nelson, the president and general manager of Equifax Canada, apologized to those who may have been affected and acknowledged frustration about a lack of clarity, saying the company would write to them with steps they should take.

Equifax said last week that it would likely need to contact fewer than 400,000 British consumers whose personal information may have been accessed in the breach.

(Reporting by Alastair Sharp; Editing by Dan Grebler)

Key U.S. senators demand answers on Equifax hacking

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

By David Shepardson and Dustin Volz

WASHINGTON (Reuters) – Two key U.S. senators on Monday asked Equifax Inc <EFX.N> to answer detailed questions about a breach of information affecting up to 143 million Americans, including whether U.S. government agency records were compromised in the hack.

Senator Orrin Hatch, who chairs the Finance Committee, and ranking Democrat Ron Wyden, also demanded that Equifax Chief Executive Rick Smith provide a timeline of the breach and its discovery. They asked for information on when authorities and the company’s board were notified and when three executives who sold stock in the company in August were first told of the data breach.

Equifax did not immediately respond to a request for comment on the letter. It came amid mounting scrutiny of the company’s response to the breach from lawmakers, regulators and security experts, prompting the credit-monitoring services to issue an apology on Friday and pledge to dedicate more resources to helping affected consumers.

“The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers,” the letter said.

Equifax announced last week that it learned on July 29 that hackers had infiltrated its systems in mid-May, pilfering names, birthdays, addresses and Social Security and driver’s license numbers. Cyber security experts said it was among the largest data hacks ever recorded and was particularly troubling due to the richness of the information exposed.

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose of stock worth about $1.8 million, regulatory filings show.

Equifax said in a statement last week that the executives were not aware that an intrusion had occurred when they sold their shares.

Hatch and Wyden asked Smith to respond by Sept. 28. Other congressional committees have announced plans to hold hearings investigating the Equifax breach and want answers.

The senators want to know if Equifax has a chief information security officer and over the past two years “how many times has Equifax employed third-party cyber security experts to conduct penetration tests of its internal and external systems?” The senators want copies of all Equifax penetration test and audit reports by outside cyber security firms.

Separately, a group of 20 Democratic senators asked Equifax to end its use of forced arbitration agreements, which limit the ability of consumers to pursue claims, and not to lobby to reverse a new rule from the Consumer Financial Protection Bureau to limit the use of forced arbitration in the financial services sector.

(Reporting by Dustin Volz and David Shepardson; Editing by Andrew Hay and Jonathan Oatis)

Hackers gain entry into U.S., European energy sector, Symantec warns

By Dustin Volz

WASHINGTON (Reuters) – Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries as well, Symantec said in a report published on Wednesday.

The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview.

The research adds to concerns that industrial firms, including power providers and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict.

In June the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials in order to gain access to targeted networks.

Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.

He said dozens of companies had been targeted and that a handful of them, including in the United States, had been compromised on the operational level. That level of access meant that motivation was “the only step left” preventing “sabotage of the power grid,” Chien said.

However, other researchers cast some doubt on the findings.

While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.

Lee called the connection to Dragonfly “loose.”

Dragonfly was previously active from around 2011 to 2014, when it appeared to go dormant after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.

Symantec did not name Russia in its report but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.

(Reporting by Dustin Volz; Editing by Leslie Adler)

U.S. state election officials still in the dark on Russian hacking

FILE PHOTO: Voters cast their votes during the U.S. presidential election in Elyria, Ohio, U.S. November 8, 2016. REUTERS/Aaron Josefczyk/File Photo

By Dustin Volz

ANAHEIM, Calif. (Reuters) – The federal government has not notified U.S. state election officials if their voting systems were targeted by suspected Russian hackers during the 2016 presidential campaign, and the information will likely never be made public, a top state election chief told Reuters.

“You’re absolutely never going to learn it, because we don’t even know it,” Judd Choate, state election director for Colorado and president of the National Association of State Election Directors, said in an interview on Thursday during the group’s summer conference.

Nearly 10 months after Republican Donald Trump’s upset presidential victory over Democrat Hillary Clinton, Choate said he had not spoken to a single state election director who had been told by the U.S. Department of Homeland Security if their state was among those attacked.

The lack of information-sharing on the election breaches reflects the difficulty state and federal officials have had in working together to protect U.S. voting from cyber threats. All U.S. elections are run by state and local governments, which have varying degrees of technical competence.

DHS told Congress in June that 21 states were targeted during the 2016 presidential race, and that while a small number were breached, there was no evidence any votes were manipulated.

Other reports have said 39 states were targeted. Choate said he had heard both numbers mentioned.

Several lawmakers, including Senator Mark Warner, the top Democrat on the U.S. Senate Intelligence Committee, have expressed frustration at DHS’ refusal to identify which states had been targeted. Arizona and Illinois confirmed last year that hackers had targeted their voter registration systems.

In a statement, the DHS did not refute that states had not been notified if they were targeted, adding the agency informed the owners or operators of systems potentially victimized “who may not necessarily” be state election officials.

DHS was working with senior state election officials “to determine how best to share this information while protecting the integrity of investigations and the confidentiality of system owners,” the agency said.

U.S. intelligence agencies have concluded that the Kremlin orchestrated an operation that included hacking and online propaganda intended to tilt the November election in Trump’s favor.

Several congressional committees are investigating and Special Counsel Robert Mueller is leading a separate probe into the Russia matter, including whether Moscow colluded with the Trump campaign. Russia has denied election meddling and Trump has denied any collusion.

‘LEARN FROM THE MISSTEPS’

The four-day conference of election directors was originally supposed to be about issues like voter registration, but took a sharp turn following the election hacking.

“After the 2000 election, we all had to be lawyers,” Choate said. “And now after the 2016 election, we all have to be cyber security experts.”

DHS representatives at the event fended off questions about whether the federal government would be prepared to mobilize sufficient support for the states in the event of a catastrophic cyber attack near or during the 2018 elections.

“We want to make sure we learn from the missteps that may have happened in 2016 and we want to make sure we continue building on the things we did that were right,” Robert Gatlin, a DHS cyber official, said during a panel discussion.

Gatlin said the agency was working with U.S. intelligence agencies to “downgrade” more classified information so it could be shared with the states. Information about cyber attacks is typically guarded by a high classification because it may involve nation-state involvement or contain sensitive sources and methods, he said.

Legislation recently approved by the Senate Intelligence Committee would require the director of national intelligence to sponsor top-secret security clearance for eligible election officials in each state, something the National Association of Secretaries of State has advocated.

The bill would also require DHS to submit a report to Congress detailing cyber attacks and attempted cyber attacks by foreign governments on U.S. election infrastructure during the 2016 election.

Choate said communication about cyber threats had improved with federal agencies since the election and the decision by the outgoing Obama administration in January to elevate voting systems to a “critical infrastructure designation.”

Prior to the election, some state officials worried that closer oversight of election systems represented a dangerous federal intrusion into local affairs.

(Reporting by Dustin Volz; Editing by Jonathan Weber and Peter Cooney)

North Korea hacking increasingly focused on making money more than espionage: South Korea study

A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

By Christine Kim

SEOUL (Reuters) – North Korea is behind an increasingly orchestrated effort at hacking into computers of financial institutions in South Korea and around the world to steal cash for the impoverished country, a South Korean state-backed agency said in a report.

In the past, suspected hacking attempts by North Korea appeared intended to cause social disruption or steal classified military or government data, but the focus seems to have shifted in recent years to raising foreign currency, the South’s Financial Security Institute (FSI) said.

The isolated regime is suspected to be behind a hacking group called Lazarus, which global cybersecurity firms have linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio.

The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.

In April, Russian cybersecurity firm Kaspersky Lab also identified a hacking group called Bluenoroff, a spinoff of Lazarus, as focused on attacking mostly foreign financial institutions.

The new report, which analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions, identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyber attack that infected more than 300,000 computers in 150 countries in May.

“We’ve seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum – these exchanges likely present an attractive target,” said Luke McNamara, senior analyst at FireEye, a cybersecurity company.

North Korea has routinely denied involvement in cyber attacks against other countries. The North Korean mission to the United Nations was not immediately available for comment.

ATM, ONLINE POKER

The report said the North Korean hacking group Andariel has been spotted attempting to steal bank card information by hacking into automated teller machines, and then using it to withdraw cash or sell the bank information on the black market. It also created malware to hack into online poker and other gambling sites and steal cash.

“South Korea prefers to use local ATM vendors and these attackers managed to analyze and compromise SK ATMs from at least two vendors earlier this year,” said Vitaly Kamluk, director of the APAC research center at Kaspersky.

“We believe this subgroup (Andariel) has been active since at least May 2016.”

The latest report lined up eight different hacking instances spotted within the South in the last few years, which North Korea was suspected to be behind, by tracking down the same code patterns within the malware used for the attacks.

One case spotted last September was an attack on the personal computer of South Korea’s defense minister as well as the ministry’s intranet to extract military operations intelligence.

North Korean hackers used IP addresses in Shenyang, China to access the defense ministry’s server, the report said.

Established in 2015, the FSI was launched by the South Korean government in order to boost information management and protection in the country’s financial sector following attacks on major South Korean banks in previous years.

The report said some of the content has not been proven fully and is not an official view of the government.

(Additional reporting by Jeremy Wagstaff in SINGAPORE; Editing by Soyoung Kim and Michael Perry)

U.S. Justice Department shuts down dark web bazaar AlphaBay

FILE PHOTO: The Department of Justice (DOJ) logo is pictured on a wall after a news conference in New York December 5, 2013. REUTERS/Carlo Allegri

By Dustin Volz

WASHINGTON (Reuters) – The U.S. Justice Department said on Thursday it had shut down the dark web marketplace AlphaBay, working with international partners to knock offline the site accused of allowing a global trade in drugs, firearms, computer hacking tools and other illicit goods.

Authorities said the law enforcement action was one of the largest ever taken against criminals on the dark web, part of the internet that is accessible only through certain software and typically used anonymously.

AlphaBay allowed users to sell and buy opioids, including fentanyl and heroin, contributing to a rising drug epidemic in the United States, Attorney General Jeff Sessions said at a news briefing in Washington, D.C. to announce the action.

“The dark net is not a place to hide,” Sessions said. “This is likely one of the most important criminal investigations of the year – taking down the largest dark net marketplace in history.”

The move struck a blow to an international drug trade that has increasingly moved online in recent years, though some experts thought its impact would be limited.

“The takedown of AlphaBay is significant, but it’s a bit of a whac-a-mole,” said Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University.

Criminals, he said, “are going to flock to other places.”

AlphaBay mysteriously went offline earlier this month, prompting speculation among its users that authorities had seized the site. It was widely considered the biggest online black market for drugs, estimated to host daily transactions totaling hundreds of thousands of dollars.

The Justice Department said law enforcement partners in the Netherlands had taken down Hansa Market, another dark web marketplace.

AlphaBay and Hansa Market were two of the top three criminal marketplaces on the dark web, Europol chief Rob Wainwright said at the press conference.

The international exercise to seize AlphaBay’s servers also involved authorities in Thailand, Lithuania, Canada, Britain and France.

The operation included the arrest on July 5 of suspected AlphaBay founder Alexandre Cazes, a Canadian citizen arrested on behalf of the United States in Thailand.

Cazes was logged on to AlphaBay at the time of his arrest, allowing authorities to find his passwords and other information about the site’s servers, according to legal documents.

Cazes, 25, apparently took his life a week later while in Thai custody, the Justice Department said. He faced charges relating to narcotics distribution, identity theft, money laundering and related crimes.

FBI Acting Director Andrew McCabe said AlphaBay was ten times as large as Silk Road, a similar dark website the agency shut down in 2013.

About a year later, AlphaBay was launched, growing quickly in size and allowing users to browse goods via the anonymity service Tor and to purchase them with bitcoin currency.

(Additional reporting by Doina Chiacu and Julia Edwards Ainsley; Editing by Bernadette Baum)

U.S. Energy Department helping power firms defend against cyber attacks

FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1, 2017. REUTERS/Kacper Pempel/Illustration/File Photo

By Jim Finkle, Scott DiSavino and Timothy Gardner

(Reuters) – The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant, saying the attacks have not impacted electricity generation or the grid.

News of the attacks surfaced a week ago when Reuters reported that the U.S. Department of Homeland Security and Federal Bureau of Investigation issued a June 28 alert to industrial firms, warning them of hacking targeting the nuclear, power and critical infrastructure sectors.

“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” a Department of Energy representative said in an email to Reuters. “At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”

It was not clear who was responsible for the hacks. The joint report by the DHS and the FBI did not identify the attackers, though it described the hacks as “an advanced persistent threat,” a term that U.S. officials typically but not always use to describe attacks by culprits.

The DOE discussed its response to the attacks after Bloomberg News reported on Friday that the Wolf Creek nuclear facility in Kansas was among at least a dozen U.S. power firms breached in the attack, citing current and former U.S. officials who were not named.

A representative with the Wolf Creek Nuclear Operating Corp declined to say if the plant was hacked, but said it continued to operate safely.

“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” company spokeswoman Jenny Hageman said via email.

A separate Homeland Security technical bulletin issued on June 28 included details of code used in a hacking tool that suggest the hackers sought to use the password of a Wolf Creek employee to access the network.

Hageman declined to say if hackers had gained access to that employee’s account. The employee could not be reached for comment.

The June 28 alert said that hackers have been observed using tainted emails to harvest credentials to gain access to networks of their targets.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

David Lochbaum, a nuclear expert at the nonprofit group Union of Concerned Scientists, said reactors have a certain amount of immunity from cyber attacks because their operation systems are separate from digital business networks. But over time it would not be impossible for hackers to potentially do harm.

“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” Lochbaum said.

The DOE said it has shared information about this incident with industry, including technical details on the attack and mitigation suggestions.

“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” the agency representative said.

Earlier, the FBI and DHS issued a joint statement saying “There is no indication of a threat to public safety” because the impact appears limited to administrative and business networks.

The Nuclear Regulatory Commission has not received any notifications of a cyber event that has affected critical systems at a nuclear plant, said spokesman Scott Burnell.

A nuclear industry spokesman told Reuters last Saturday that hackers have never gained access to a nuclear plant.

(Reporting by Jim Finkle in Toronto, Scott DiSavino in New York and Timothy Gardner in Washington; Additional reporting by Dustin Volz in Washington and Joseph Menn in San Francisco; Editing by Bernard Orr)

U.S. warns businesses of hacking campaign against nuclear, energy firms

Department of Homeland Security emblem is pictured at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washington in Arlington, Virginia September 24, 2010. REUTERS/Hyungwon Kang/File Photo

By Jim Finkle

TORONTO (Reuters) – The U.S. government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyber attacks.

Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint report from the U.S. Department of Homeland Security and Federal Bureau of Investigation.

The report provided to the industrial firms was reviewed by Reuters on Friday. While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, it did not identify any specific victims.

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and FBI officials could not be reached for comment on the report, which was dated June 28.

The report was released during a week of heavy hacking activity.

A virus dubbed “NotPetya” attacked on Tuesday, spreading from initial infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

On Tuesday the energy-industry news site E&E News reported that U.S. investigators were looking into cyber intrusions this year at multiple nuclear power generators.

Reuters has not confirmed details of the E&E News report, which said there was no evidence safety systems had been compromised at affected plants.

The activity described in the U.S. government report comes at a time when industrial firms are particularly anxious about the threat that hackers pose to their operations.

Industrial firms, including power providers and other utilities, have been particularly worried about the potential for destructive cyber attacks since December 2016, when hackers cut electricity in Ukraine.

U.S. nuclear power generators PSEG <PEG.N>, SCANA Corp <SCG.N> and Entergy Corp <ETR.N> said they were not impacted by the recent cyber attacks. SCANA’s V.C. Summer nuclear plant in South Carolina shut down on Thursday due to a problem with a valve in the non-nuclear portion of the plant, a spokesman said.

Another nuclear power generator, Dominion Energy <D.N>, said it does not comment on cyber security.

Two cyber security firms said on June 12 that they had identified the malicious software used in the Ukraine attack, which they dubbed Industroyer, warning that it could be easily modified to attack utilities in the United States and Europe.

Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The U.S. government report said attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect so that they could create “decoy documents” on topics of interest to their targets.

In an analysis, it described 11 files used in the attacks, including malware downloaders and tools that allow the hackers to take remote control of victims’ computers and travel across their networks.

Chevron Corp <CVX.N>, Exxon Mobil Corp <XOM.N> and ConocoPhillips <COP.N>, the three largest U.S. oil producers, declined to comment on their network security.

(Reporting by Jim Finkle; Additional reporting by Timothy Gardner in Washington and Ernest Scheyder in Houston; editing by Grant McCool and Tom Brown)