Indian Nuke Plant's Network Reportedly Hit By Malware Tied To North Korea
North Korea is reportedly behind a cyberattack on India's Kudankulam Nuclear Power Plant. "The malware, identified by researchers as North Korea's Dtrack, was reported by [former analyst for India's National Technical Research Organization (NTRO) Pukhraj Singh] to have gained 'domain controller-level access' at Kudankulam," reports Ars Technica. "The attack has been reported to the government." From the report: The attack likely did not affect reactor controls, but it may have targeted research and technical data. The attack apparently focused on collection of technical information, using a Windows SMB network drive share with credentials hard-coded into the malware to aggregate files to steal. Dtrack was tied to North Korea's Lazarus threat group by researchers based on code shared with DarkSeoul, a malware attack that wiped hard drives at South Korean media companies and banks in 2013.
Singh alluded to the attack in a September 7 tweet, in which he wrote, "I just witnessed a casus belli in the Indian cyberspace and it sucks at every level." He said that he did not discover the intrusion himself but learned of it from "a third party." Singh passed on the information to India's National Cyber Security Coordinator on September 4, and the third party shared the indicators of compromise "over the preceding days." Kaspersky later identified the malware involved as Dtrack, Singh said. Officials at Kudankulam have said that the plant is safe from cyber attack because the control systems network is isolated from the plant's administrative networks, but they have not addressed what data may have been stolen.
So it's connected to the internet? WTF? (Score:2)
Re: (Score:2)
It's like people having their security cameras inside their house on the Internet. It doesn't make sense.
Sure it does. With my cameras connected, I can check them if a motion detector is triggered when I am not home. When I am home, why should I care if the NSA watches me slicing tomatoes in the kitchen?
Re: (Score:2)
When I am home, why should I care if the NSA watches me slicing tomatoes in the kitchen?
That one wouldn't work for me. Mine would be more like:
When I am home, why should I care if the NSA watches me slicing corpses in the kitchen?
Re: (Score:2)
If you are going through that trouble,
What trouble? Installing an IoT camera takes about two minutes.
why not use a private line to a private security firm instead?
Why do I buy a $30 camera instead of spending thousands to hire a security firm?
I don't know, maybe because I am not totally retarded.
It's NOT. Learn to Read (Score:2)
The article clearly says the attack vector was a USB stick.
Re: (Score:1)
They were probably trying to put latest Bollywood movie into their common shared folder, from where everybody would just watch in office or copy to their own USB Stick to watch at home for families! What they did not know was the movie file was a .exe, with movie name and icon of that movie's screenshot! And when you double click it, it opens an inbuilt video player and does play the movie! .....
Me: I avoid exe's like the plague they are, and I run Linux on my home desktop and laptop. Last Virus infection wa
Re: (Score:2)
Idiocy to connect this to a public network. But why is North Korea still attached to the network? Pull the plug on that connection once and for all. There is no right for a nation to be on the internet.
Re: (Score:2)
Well, there's a couple of answers to this that occur to me.
One is that, much like with other means of getting information into their country like Radio Free Asia, I think there is hope and at least a small chance that Internet into NK is promoting ideas about freedom and democracy there. Information wants us to be free. Or something like that.
But the more relevant one in this particular case is that nowhere in the article does it say that attacks originated from ***NK IP addresses*** - and frankly that woul
Launch a nuke, launch a nuke! (Score:2)
C'mon, don't be a coward! Hit them back! Nuke them, nuke them, nuke them!
Ok, I'm done trying to rile up the entertainment.
Nuke Seattle (Score:3)
Microsoft is responsible for this poor security. Nuke Seattle
Insert yet more neocon BS (Score:1)
"The attack likely did not affect reactor controls"
Doh, just who in their right mind would use Microsoft Windows to control a nuclear pile?
Re: (Score:3)
like they say, RTFA, it was the administrative network, control network is airgapped and not infected.
Pakistan (Score:3)
Pakistan and North Korea have had long cooperation. Most of Pakistan's long range missiles are rebranded North Korean ones and the NK nuke program has been helped a lot by the Pakis. Maybe the NKs gave the Pakis some Cyber weapons
Re: (Score:2)
Maybe you look too much like us for us to mistake you as one of us??
Just kidding... Apologies for my warmhearted brothers!
And sometimes they have been through so much and still able to smile, it's because they have this humanity ingrained from childhood, and they just want to share the same connections with the rest of the world. Especially my Sikh brothers - the ones with Turban and thick beards!
Re: WTF? (Score:2)
Possibly nothing; they just want to extort some Bitcoin as a source of funds, and will infect anything they can in order to do so. The hackers might not even know what they've hacked into.
Re: (Score:2)
They were targeting research data.