Dtrack Malware Found on Kudankulam Nuclear Power Plant's Network

A couple of weeks back, Kaspersky disclosed the existence of Dtrack malware that has affected enquiry centers and enterprises across 15 states of India. Turns out, a nuclear ability establish has been afflicted by it besides.

Kudankulam Nuclear Ability Constitute (KNPP) of Tamil Nadu is the affected nuclear power plant. Officials at the KNPP initially denied the being of the malware infection and claimed that a cyber assault on the powerplant is not possible. Still, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed the security breach.

"Identification of malware in NPCIL organization is right…The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the cyberspace connected network used for administrative purposes.", told NPCIL in a argument.

The malware infection got noticed by a Twitter user through a recent VirusTotal upload. This malware sample reportedly included hardcoded credentials for KNPP'south internal network.

https://twitter.com/a_tweeter_user/condition/1188811977851887616

NPCIL emphasizes that the malware affected only the authoritative network of the power plant and the critical internal network remains unaffected. Both these networks are isolated, according to NPCIL.

For those unaware of Dtrack, it is a Remote Access Trojan (RAT) capable of recording your keystrokes, retrieving browser history, uploading or downloading files and much more. Lazarus Group also has a similar malware named ATMDtrack, a malware targeting ATM credentials.

Considering the rail record of the Lazarus Group, this is more likely to be an accidental infection as ZDNet points out since the grouping is more than interested in financial institutions rather than industries. I promise the Indian regime takes the necessary steps to prevent such malware attacks in the time to come.