Indian nuclear power plant infected with possible North Korean malware


One of India’s largest nuclear power plants has been infected with malware. It is reportedly not destructive malware like Stuxnet, but malware linked to the North Korean Lazarus group.

The Indian nuclear regulator has confirmed the presence of the malware. The malware is said to have been distributed via a computer in the administrative part of the network. According to the regulator, that part was not connected to the control systems of the plant. Therefore, manipulation of the energy network was not possible, although security researcher Pukhraj Singh said earlier this week that the malware had domain controller-level access.

It has long been rumored that the country’s newest and largest nuclear power plant, Kudankulam in Tamil Nadu state, had been hit by malware. The malware is said to have been discovered in early September by security researcher Singh, who reported it to the Indian National Cyber Security Council. A source told The Indian Express newspaper that it immediately launched an investigation into the safety of the plant.

According to security experts, the malware is DTrack. That is a form of malware that is linked to the Lazarus group, a hacker group that in turn is linked to the North Korean regime. The group previously deployed the malware during the DarkSeoul malware campaign that targeted banks and media companies in South Korea. DTrack is not destructive malware like Stuxnet, which aimed to sabotage Iran’s nuclear program. The malware is said to be intended for espionage. It is not known whether the malware was looking for specific information.
