Indian nuke plant’s network reportedly hit by malware tied to N. Korea
Enlarge / The Kudankulam Nuclear Power Plant (KKNPP) was apparently targeted by a North Korean hacking campaign using the recently identified Dtrack spy malware. (credit: indiawaterportal.org )
A former analyst for India's National Technical Research Organization (NTRO) has tied a malware report published by VirusTotal to a cyber attack on India's Kudankulam Nuclear Power Plant. The malware, identified by researchers as North Korea's Dtrack, was reported by Pukhraj Singh to have gained "domain controller-level access" at Kudankulam. The attack has been reported to the government.
So, it's public now. Domain
controller-level access at Kudankulam Nuclear Power Plant. The
government was notified way back. Extremely mission-critical targets
were hit. https://t.co/rFaTeOsZrw
pic.twitter.com/OMVvMwizSi-
Pukhraj Singh (@RungRage) October
28, 2019
The attack likely did not affect reactor controls, but it may have targeted research and technical data. The attack apparently focused on collection of technical information, using a Windows SMB network drive share with credentials hard-coded into the malware to aggregate files to steal. Dtrack was tied to North Korea's Lazarus threat group by researchers based on code shared with DarkSeoul, a malware attack that wiped hard drives at South Korean media companies and banks in 2013.
Singh alluded to the attack in a September 7 tweet, in which he wrote, "I just witnessed a casus belli in the Indian cyberspace and it sucks at every level." He said that he did not discover the intrusion himself but learned of it from "a third party." Singh passed on the information to India's National Cyber Security Coordinator on September 4, and the third party shared the indicators of compromise "over the preceding days." Kaspersky later identified the malware involved as Dtrack, Singh said.
Read 3 remaining paragraphs | Comments