It all started when the Indian information security researcher Pukhraj Singh wrote on Twitter that a few months ago he had informed the Indian authorities about the Dtrack malware, which had successfully penetrated “extremely important sites” of the Kudankulam nuclear power plant. According to him, the malware managed to gain domain controller-level access at the nuclear facility.
“So, it’s public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit,” writes Pukhraj Singh.
The researcher’s tweet attracted a lot of attention because, several days earlier, one of the reactors at the same nuclear power plant had unexpectedly stopped, and many decided that the attack was to blame.
Initially, the NPP administration denied that Kudankulam had been infected in any way, issuing a statement in which Singh’s tweets were called “false information” and a cyber attack was called “impossible.”
But now, the Indian Atomic Energy Corporation has reported that the statements by nuclear power representatives were not quite accurate, and that a cyberattack did occur. According to NPCIL’s official version, the malware penetrated the administrative network of the nuclear power plant, infecting one computer, but did not reach the plant’s critical internal network, which is used to control the nuclear reactors.
Moreover, NPCIL confirmed the information published by Singh, saying that in early September it did receive a notification from the Indian CERT, when the malware had only just been detected.
Recall that researchers associate the Dtrack malware with the notorious North Korean hacking group Lazarus. Dtrack is commonly used for intelligence purposes and as a dropper for other malware, while ATMDtrack was aimed at Indian financial institutions.
An incomplete list of features of the detected Dtrack payload executables included:
In addition, the droppers contained tools for remote administration of the PC (Remote Administration Tool, RAT). The RAT executable allows attackers to perform various operations on the host, such as downloading and launching files, and so on.
Interestingly, the malware sample that Singh drew attention to included hard-coded credentials for the Kudankulam NPP internal network. This suggests that the malware was created specifically to spread and operate inside the power plant network.
However, it still remains unclear (officials haven’t commented on this at all) whether this attack was targeted or if the nuclear power plant was accidentally infected, which is also likely given the recent Dtrack activity in India.