Malware targeting nuclear power plants

Malware associated with North Korean state-sponsored hackers has been identified on the network of an Indian nuclear power plant.

Security researchers discovered the presence of a variant of Dtrack malware on the networks of the Kudankulam Nuclear Power Plant (KNPP) following an unexpected outage of one of its reactors. Dtrack is a Trojan-style malware program purportedly created by the elite North Korean hacking team known as the Lazarus Group.

Despite initially denying reports of a malware infection, the Nuclear Power Corporation of India Limited (NPCIL) confirmed the attacks October 30 in a press release.

“Identification of malware in NPCIL system is correct,” stated the release, concluding that investigations of the event confirmed “that the plant systems are not affected.”

Investigation of the malware deployed found hard-coded credentials for the KNPP, suggesting that the infection was a targeted attack.

Dtrack has traditionally been associated with attacks on financial systems, including banks in South Korea and India. It was also deployed as part of the WannaCry ransomware strain.