Experts' Reactions On North Korean Malware Found On Indian Nuclear Plant's Network

It has been reported that the network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, as the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit.

Sam Curry, Chief Security Officer
InfoSec Expert
October 31, 2019 4:22 pm

It should come as no surprise that India is both a target for political and economic reasons and a major player, ready-or-not, in the cyber arena too. What this discovery does is reinforce how complex the world of espionage, cyber crime and nation-state hacking is. India has offensive and defensive cyber capabilities, is a nuclear power, has a massive percentage of the world’s population, the largest middle class in the world and the world’s largest democracy. It is strategic and has deep ties with the leading economies like the USA. That makes India a massive part of the geopolitical landscape and by extension of the cyber landscape. It’s time for India to step up activities, and it’s time for a new alignment and balance of power in the cyber domain to match what we do in others: land, sea, air, space.

Stuart Reed, UK Director
InfoSec Expert
October 31, 2019 4:21 pm

Critical national infrastructure is a lucrative target for cyber hackers. Not only can an attack disrupt services that have a nation-wide impact but data is often highly sensitive and valuable. The attack on India’s nuclear power plant is particularly worrying given it should have had the newest and most secure network. It is fundamental that those responsible for the provision of critical infrastructure are taking the necessary steps to defend themselves from attackers. They need a layered approach to cybersecurity, all the way down to a network level. By tapping into the ubiquitous DNS layer for network detection and response, for example, security teams can use their existing infrastructure to identify malicious traffic entering and leaving their network early, allowing them to quickly take steps to mitigate the impact of an attack before damage is done.

Andrea Carcano, Co-founder and CPO
InfoSec Expert
October 31, 2019 4:17 pm

The consequences of not investing in industrial cybersecurity could be numerous and severe, particularly if a nuclear power station is targeted. Dtrack malware may usually be used for reconnaissance purposes but the information gathered from infected industrial and critical infrastructure plants could be used for other malicious purposes. It is imperative that critical infrastructure organisations put plans in place to prevent malicious attacks, and the cybersecurity community comes together to share expertise and knowledge on identifying and providing solutions to cybersecurity challenges. Applying artificial intelligence and machine learning detection and response enables organisations to monitor for malware and rapidly respond to remove malicious code.
