The Nuclear Power Corporation of India Limited (NPCIL) issued a press statement yesterday admitting that its digital infrastructure was hit by a Dtrack malware attack. However, AK Nema, the associate director of NPCIL, has clarified that the attack was neutralized before it could affect any sensitive infrastructure.
Going by the details, CERT-In (India’s Computer Emergency Response Team) was the first agency to detect the malware attack, on September 4th, 2019, and is said to have reported it to NPCIL on September 5th, 2019. DAE specialists investigated the matter, continuously monitored the networks after the incident, and found that the plant systems were not affected.
The NPCIL power plant is officially called the Kudankulam Nuclear Power Project and is located in the southern Indian state of Tamil Nadu.
As for the Dtrack malware, it has so far affected only ATMs operating across India, and this is said to be the first time it has infected the computer systems of a nuclear power plant.
According to Kaspersky, Dtrack is malware devised by the Lazarus APT group of North Korea and is known to infect critical systems related to industrial units. In 2017, it was devised by North Korean intelligence to hack ATMs across South Korea, and it is now reported to have been used on the digital infrastructure of India.
Security researchers claim that the Dtrack malware can log keystrokes, retrieve browser history, gather host IP addresses, gather details of running processes, and list the files available on the disk volumes.
The only way to keep this malware off your network is to tighten the network with strict password policies and 2FA, and to use threat detection tools and anti-malware solutions.