Danger USB! Malware infects UN Nuclear Agency computers

An internal investigation has discovered that some of the computers at the International Atomic Energy Agency (IAEA) headquarters in Vienna have been infected for months with data-stealing malware.

However, the organisation – which reports to both the UN General Assembly and Security Council – says it believes that its network was not compromised.

Reuters, which first reported on the security incident after seeing a confidential note sent to member states, quoted agency spokesman Serge Gas, who confirmed some details:

Data from a number of Vienna International Centre (VIC) visitors’ USB drives (data memory sticks) is believed to have been compromised. The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further. No data from the IAEA network has been affected

Sign up to our newsletter
Security news, advice, and tips.

As Kevin Townsend at InfoSecurity Magazine reports, there’s something a bit odd here.

Normally, USB-aware malware has no qualms about infecting USB devices as they are inserted into infected PCs. But on this occasion, it appears that the malware was designed to harvest information from USB sticks as they were plugged into compromised computers.

In short, the intention wasn’t to spread – but to gather information.

This theory is given more credence by the acknowlegdement that the infected computers were located in the Vienna International Centre, a common area of the IAEA headquarters were staff and state officials work and meet.

Users of these shared computers might be very careful not to copy sensitive files from their USB sticks onto the PCs. But what if malware on those computers were secretly and silently harvesting any contents of plugged-in USB sticks anyway?

My hunch is that this was an attack, targeted against people who used the computers in the common area of the UN’s nuclear agency, with the intention of grabbing sensitive and confidential information.

The big questions that remain unanswered are this – who was behind the attack, and what happened to the sensitive data that the malware scooped up?

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.