Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.
The investigation is being led by the Ukrainian Secret Service (SBU), who is looking at the incident as a potential breach of state secrets due to the classification of nuclear power plants as critical infrastructure.
Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant’s network and retrieve information from its systems, such as data about the plant’s physical defenses and protections.
Mining rig seized in July
According to authorities, the incident took place in July at the South Ukraine Nuclear Power Plant, located near the city of Yuzhnoukrainsk, in southern Ukraine.
It’s unknown how the scheme was discovered, but on July 10 the SBU raided the nuclear power plant, from where it seized computers and equipment specifically built for mining cryptocurrency.
This equipment was found in the power plant’s administration offices, and not on its industrial network.
Confiscated equipment included two metal cases containing basic computer parts, but with additional power supplies, coolers, and video cards. According to court documents [1, 2], one case held six Radeon RX 470 GPU video cards, and the second five.
Further, the SBU also found and seized additional equipment[1, 2] that looked like mining rigs in the building used as barracks by a military unit of the National Guard of Ukraine, tasked with guarding the power plant.
Several employees have been charged for their involvement in the scheme, but not yet arrested. It’s unclear if any military staff was charged.
Officials believe the suspects attempted their scheme because of a recent spike in cryptocurrency trading prices, after a long period during which they fell.
Ukrainian news site UNIAN first reported the investigation.
Not the first incident of its kind
This incident isn’t the first time that state employees have abused their access to large sources of electricity or computing power to mine cryptocurrency.
In February 2018, Russian authorities arrested engineers from the Russian Nuclear Center for using the agency’s supercomputer to mine cryptocurrency.
A month later, Australian officials began an investigation into a similar case at the Bureau of Meteorology, where employees used work computers to mine cryptocurrency.
A month after that, in April 2018, an employee at the Romanian National Research Institute for Nuclear Physics and Engineering was also caught mining cryptocurrency at work. Local news outlets reported that the employee brought his own mining rig and connected it to the institute’s electrical network, which was recently expanded to support one of the most powerful lasers in the world.