Saturday, November 16, 2024
HomeCyber AttackNorth Korean Hackers Attack Indian Nuclear Power Plant Using Dtrack Malware...

North Korean Hackers Attack Indian Nuclear Power Plant [KKNPP] Using Dtrack Malware – What Happened Till Date

Published on

India’s largest nuclear power station, Kudankulam Nuclear Power Plant was hit with a cyber-attack earlier this year. Initially, the Kudankulam Nuclear Power Project has denied the cyber-attack that took place.

The news circle’s on twitter for the last couple of days after the security researcher Pukhraj Singh notified about the incident that took place.

Pukhraj Singh said that “Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.” He also added that he notified the incident to National Cyber Security Coordinator( NCSC) on Sep 4.

- Advertisement - SIEM as a Service
https://twitter.com/RungRage/status/1188853620541775872

The intrusion was detected by a third-party cybersecurity company and the company contacted Pukhraj Singh who notified the incident to NCSC and the IoCs shared by the third-party cybersecurity company to NCSC.

On September 23, Kaspersky reported about the DTrack spy malware, the malware attributed to Lazarus hacker group from North Korea.

Kudankulam Cyber Attack Denied Initially

The Kudankulam Nuclear Power Plant officials denied the attack initially saying some false information being circulated.

Training Superintendent and Information officer of Kudankulam Nuclear Power Plant (KKNP) said that the power station network was not connected to the Internet, so the cyberattack is not possible.

According to the notice from KKNP, on 29/10/2019, states that “This is to clarify Kudankulam Nuclear Power Plant(KNPP) and other Indian Power Plant Control Systems are stand-alone and not connected to outside cyber network and internet. Any cyber-attack on the Nuclear Power Plant Control System is not possible,”

Kudankulam Cyber Attack

The report is almost correct, Pankaj tweeted about the compromise of the domain controller and not the Industrial control system.

Domain controller (DC) – It is the server that handles security authentication requests within a Windows domain network.

Industrial control system (ICS)- Integration of hardware and software to support critical infrastructure.

Dtrack – A Lookup

Dtrack malware designed to spy on the victim machines, it includes following payload executables to extract sensitive information from the infected machines.

  • Keylogging
  • Retrieve browser history
  • Gather host IP addresses, information about available networks and active connections,
  • List all running processes,
  • List all files on all available disk volumes.

The malware also includes additional modules that allow an attacker to gain remote access to the system and can upload/download or execute files.

The Dtrack malware attributed to infamous North Korean state-sponsored Lazarus Group hacking known for conducting large scale attacks targeting government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies, as well as critical infrastructure.

Here is the Dtrack data collection break down.

Press Release Confirming the Incident

Congress MP Shashi Tharoor demanded an explanation from the government on Twitter: “This seems very serious. If a hostile power can conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable. The Government owes us an explanation.”

Initially, it was denied, but some senior officials said that an internal audit confirmed that an incident occurred a d the hackers gained access to the plant’s administrative network.

NPCIL released a statement yesterday confirming the cyber attack and the infected computer belongs to the user who connected to the Internet of administrative purposes.

Kudankulam Cyber Attack

The report also confirms that the attack limited within the administrative network and the critical systems are air-gapped that are isolated from the administrative networks.

“Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.”

By compromising the IT infrastructure attackers may try to penetrate to the other computer connected within the network and to steal information such as access controls, safety measures, and other details.

Nowadays Cybersecurity is a vital part of the process and infrastructure industry operations. From the past few years, cyber-attack tactics have increased and massive data is being grabbed and misused by many black hat people across many industries.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...