North Korea (attributed by malware overlap): Officials at the Kudankulam Nuclear Power Plant (KNPP) in India publicly acknowledged a breach of KNPP’s IT systems, which they claim did not affect the operational network or the critical control systems that govern the power plant’s operation. In a press release, a plant official said that the control system operational networks “…are standalone and not connected to outside cyber network and Internet… Any Cyberattack on the Nuclear Power Plant Control System is not possible.” Security researcher Pukhraj Singh posted information to Twitter alleging that the attackers had access to the Domain Controller (DC) and that “extremely mission-critical assets were hit.” The incident came to light when another security researcher discovered a malware sample that had been uploaded to Virus Total, a free service for checking files against several Anti-Virus (AV) products at once. Security researchers can pay for access to search Virus Total and download malware samples from it. The malware sample analyzed by Singh and others contained a computer name, username and password for an administrator account on a server inside the Kudankulam Nuclear Power Plant. Singh became aware of the malware on September 5th, and he reported the incident to Indian officials on September 7, 2019. The malware was identified by researchers as “DTrack” or “ATMDTrack,” which has been attributed to North Korean state-sponsored computer network operations by researchers at the Moscow-based Kaspersky Lab. Previous reports by Kaspersky indicate that ATMDTrack was used to target Automated Teller Machines (ATMs) in India to steal information from bank customer’s bank cards. On October 29th, zdnet.com reported that 1.3 million stolen bank card records, mostly from banks in India, were posted for sale on Joker’s Stash, one of the largest criminal shops for purchasing credit and debit card details. It is unknown if these incidents are related.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.