Sellafield cyber attack: Government refutes breach claims

Sellafield nuclear plant pictured with grey clouds in background, England
(Image credit: Getty Images)

An alleged cyber attack on the Sellafield nuclear site has been refuted by the UK government following an expose by The Guardian.

Chinese and Russian-linked threat actors are said to have successfully breached the nuclear site, raising questions over a potential cover-up by senior staff, according to an investigation by the publication.

According to The Guardian, “sleeper malware”, was found to have been embedded in Sellafield computer networks. The use of this malware could have enabled threat actors to gain vital details on safety practices at the site, as well as information on the movement of nuclear waste materials.

However, the UK government has since refuted the claims, insisting that there is no evidence of a successful attack against Sellafield networks.

“We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian,” a spokesperson said.

“Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system,” the statement added. “We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection.”

In its statement, the UK government called on the publication to “provide evidence” related to the attack, adding that it has failed to provide concrete information on the legitimacy of the claims.

Sellafield cyber attack: What happened?

The cyber attack on Sellafield computer systems allegedly dates back several years, with signs of compromise first detected “as far back as 2015”, sources told The Guardian.

It was then that experts first identified the alleged malware on IT systems.

The extent of the alleged breach – and whether said malware has been eradicated – is still unknown. However, sources told The Guardian that “some of Sellafield’s most sensitive activities”, including the movement of radioactive materials, were compromised in the incident.

Sources insisted that state-linked actors were able to access the “highest echelons of confidential material” at the site.

Sellafield hosts the largest store of plutonium on earth, and essentially acts as a dumping ground for nuclear waste used in UK weapons programs and power generation schemes.

It is among the most highly-guarded facilities in Britain, with armed on-site security personnel.


2023 ThreatLabz state of ransomware report

(Image credit: Zscaler)

Safeguard your organization against ransomware attacks with a zero-trust strategy


Jamie Ahktar, CEO and co-founder at CyberSmart, said the allegations raise serious concerns over the state of security practices at the site, if proven legitimate.

“It almost goes without saying, but the details of this breach are very concerning,” he said.

“Not only does the potential identification of ‘sleeper’ malware illustrate the sophistication of state-sponsored attacks but if the breach has lain undetected since 2015 it poses serious questions about Sellafield’s cyber defences.”

“Given that the site has faced several problems with its cyber security over the years, we hope this incident serves as a reminder, not just to Sellafield, but to all parts of the UK’s critical infrastructure and the small businesses that work in tandem with it to take cyber security seriously.”

The security issues cited by Ahktar in this instance refer to a series of lapses by staff at Sellafield in recent years. A report from 2012 warned of “critical security vulnerabilities” at the site.

Sources told The Guardian that “special measures” were placed on Sellafield last year due to concerns about cyber security practices, with the Office for Nuclear Regulation (ONR) reportedly planning to prosecute individuals for cyber-related failures.

Insiders at the regulator said that external contractors were able to plug memory sticks into Sellafield systems while unsupervised while an incident in July 2022 saw login details and passwords for IT systems broadcast on a BBC One show as part of a tour of the facility.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.