The report did not name the countries where the attacks originated or say if data had been stolen from the regulatory agency, which holds sensitive data on the nuclear power industry.
Reuters was not immediately able to access the report, which Nextgov said it obtained through a Freedom of Information request.
"The few attempts documented in the OIG Cyber Crimes Unit report as gaining some access to NRC networks were detected and appropriate measures were taken," NRC spokesman David McIntyre said.
In one of the three cases, 12 employees clicked on a link in a phishing email that took them to what the agency believed was a tainted spreadsheet, McIntyre said.
In another case, attackers compromised the personal email account of an NRCemployee, then sent malicious emails to 16 agency workers,McIntyre told Reuters.
Read MoreRussia PM's Twitter hacked, posts 'I am resigning'
Cyber attacks involving organizations in the energy sector are rarely disclosed by the government.
Officials say they keep information about cybersecurity secret both to prevent hackers from identifying ways to launch copycat attacks,and to encourage businesses to share information with the government without fear of potentially negative publicity.
In May, the Department of Homeland Security reported that a sophisticated hacking group had attacked an undisclosed U.S. public utility and compromised its control system network, though there was no evidence that the utility's operations were affected.
Read MoreChinese hackers target 4.5M US patients
Last year, the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, responded to 256 cyber incident reports, more than half of them in the energy sector. While that is nearly double the agency's 2012 caseload,there was not a single incident that caused a major disruption.