MANILA, Philippines – The Nuclear Power Corporation of India Limited (NPCIL) confirmed Wednesday, October 30, some of its systems had been affected by malware made by state-sponsored hackers from North Korea, ZDNet reported.
Reports of the Kudankulam Nuclear Power Plant (KNPP) being infected were circulating Monday, after Pukhraj Singh, a former security analyst for the country's National Technical Research Organization, noted a malware infection at KNPP.
So, it's public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit. https://t.co/rFaTeOsZrw pic.twitter.com/OMVvMwizSi
— Pukhraj Singh (@RungRage) October 28, 2019
Security researchers said the malware was called Dtrack, which is a form of backdoor trojan made by North Korea's Lazarus Group.
– Local IP, MAC, OS install information (including registered org) via registry
– Browser history
– Connectivity to local IP
– Compspec, ipconfig, netstat info
— Kevin Perlow (@KevinPerlow) October 28, 2019
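As an added example that is not part of the article or of the researchers' tweets: a small detector run over constructed process-creation events that flags a parent process launching several of the host-reconnaissance commands listed above (ipconfig, netstat, registry queries) within a short window. The event shape, the 120-second window, and treating reg.exe as the registry-query step are assumptions, not documented Dtrack behaviour.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Command images matching the collection behaviour listed in the tweet.
# Assumption: registry data is pulled with reg.exe; real samples may read
# the registry through the API instead, so tune this set to your telemetry.
RECON_CMDS = {"ipconfig.exe", "netstat.exe", "reg.exe"}
WINDOW = timedelta(seconds=120)   # assumed time window (tune per environment)
MIN_DISTINCT = 2                  # distinct recon commands needed to alert

# Constructed sample events: (timestamp, parent pid, child image).
SAMPLE_EVENTS = [
    # one unknown parent (pid 4120) chains all three commands within seconds
    ("2019-10-28T09:00:01", 4120, "ipconfig.exe"),
    ("2019-10-28T09:00:02", 4120, "netstat.exe"),
    ("2019-10-28T09:00:03", 4120, "reg.exe"),
    # an operator's shell (pid 7001) runs ipconfig once ...
    ("2019-10-28T09:15:00", 7001, "ipconfig.exe"),
    ("2019-10-28T09:16:00", 7001, "notepad.exe"),
    # ... and netstat much later, well outside the window
    ("2019-10-28T10:40:00", 7001, "netstat.exe"),
]


def find_recon_chains(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {parent_pid: sorted recon commands} for every parent that spawns
    at least `min_distinct` different reconnaissance commands inside `window`."""
    by_parent = defaultdict(list)
    for ts, ppid, image in events:
        if image.lower() in RECON_CMDS:
            by_parent[ppid].append((datetime.fromisoformat(ts), image.lower()))

    hits = {}
    for ppid, runs in by_parent.items():
        runs.sort()
        start = 0
        # Sliding window over this parent's recon launches, oldest to newest.
        for end in range(len(runs)):
            while runs[end][0] - runs[start][0] > window:
                start += 1
            seen = {img for _, img in runs[start:end + 1]}
            if len(seen) >= min_distinct:
                hits[ppid] = sorted(seen)   # keep the widest set observed
    return hits


if __name__ == "__main__":
    for ppid, cmds in find_recon_chains(SAMPLE_EVENTS).items():
        print(f"parent pid {ppid} ran {', '.join(cmds)} within {WINDOW.seconds}s")
```

A single ipconfig or netstat from an administrator's shell does not trigger the rule; the alert fires only on the clustered sequence, which is what the collection list above describes.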
Officials at the power plant originally denied being affected by the malware, but the NPCIL – the KNPP's parent company – eventually released a statement confirming Dtrack hit its administrative network but not its internal network, which is used to control the nuclear reactors of the plant.
Dtrack is generally seen as a tool for network reconnaissance, and as a means of inserting more powerful malware into infected systems, usually for financial gain.
The malware infection at the power plant, while seemingly severe, may have thus been accidental. Kaspersky in September reported on Dtrack and other similar malware being seen in India's financial sector. – Rappler.com