I am not a happy camper. This is exactly why I have been insisting on security awareness training for employees at critical infrastructure organizations. This could have been a Real Life Halloween Horror Story.
The malware infected only their admin network, which is air-gapped from the power plant network—and could even be accidental—but... Natanz/Stuxnet, anyone?
ZDNet broke the news: "The network of one of India's nuclear power plants was infected with malware created by North Korea's state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today.
Pukhraj Singh, a former security analyst for India's National Technical Research Organization (NTRO), pointed out that a recent VirusTotal upload was actually linked to a malware infection at the KNPP (Kudankulam Nuclear Power Plant).
The particular malware sample included hardcoded credentials for KNPP's internal network, suggesting the malware was specifically compiled to spread and operate inside the power plant's IT network. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea's elite hacking unit.
Most of North Korea's offensive hacking efforts have been focused on attaining insight into diplomatic relations, tracking former North Korean citizens who fled the country, or hacking banks and cryptocurrency exchanges to gather funds for the Pyongyang regime's weapons and missile programs."
ZDNet has the story with links:
https://www.zdnet.com/article/confirmed-north-korean-malware-found-on-indian-nuclear-plants-network/