Man charged with attempted spear-phishing attack on U.S. Department of Energy

An indictment is charging a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC) with a total of four felony offenses in connection with an attempted email “spear-phishing” attack in January 2015, targeting dozens of Department of Energy employee e-mail accounts.

According to the affidavit, the goal of the attack was to cause damage to the computer network of the Department of Energy through a computer virus that was being delivered to particular department employees through emails, in order to extract sensitive, nuclear weapons-related government information.

The affidavit alleges that the accused sent those emails to over 80 Department of Energy computers in January 2015. The FBI was able to ensure that no computer virus or malicious code was actually transmitted to the government computers.

According to the affidavit, the former employee initially came to the attention of the FBI after he entered a foreign embassy and offered to provide classified information, which he claimed had been taken from the U.S. government.

Thereafter, he met with FBI undercover employees who were posing as representatives of the foreign country, and in exchange for a promised future payment, offered to design and send spear-phishing e-mails that could be used to damage the computer systems used by his former employer and to extract sensitive information from them.