Malware attack at German Nuclear power plant

D

Der.Reisende

Level 45
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
Content source
http://news.newsdirectory2.com/identified-personal-computer-virus-in-gundremmingen/
Gundremmingen –

In the Bavarian nuclear power plant Gundremmingen a laptop virus has been discovered. The malicious software program was noticed when preparing the revision in block B, said the power plant.

A hazard to personnel or the population did not exist, because all the delicate regions of the electrical power plant decoupled and not linked to the Internet are. Nonetheless, the supervisory authority and the Federal Workplace for Data Security had been informed.

experts of the operator RWE will now uncover out how the virus received into the 2008 retrofitted pc program. Reported to the program is component of the fuel-loading machine, has itself no result from the management of the method. The software identified targets shall be to forge undesired connections to the Net.

In response to detecting the arrangements for IT protection had been extended. Pursuant to the incident called for a regional initiative of anti-nuclear activists, inter alia education on the malware was undetected as long on the laptop.

At the weekend, had about 750 folks in front of the plant in the district of Günzburg for an early closure of the two remaining blocks demonstrated. Definitively to be Gundremmingen 2021 off. (Dpa)

A great German article can be found here:
Schadsoftware im Atomkraftwerk Gundremmingen

Thanks for reading :)
 
  • Like
Reactions: Logethica, silversurfer, Jrs30 and 8 others
D

Der.Reisende

Level 45
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
Klipsh said:
Good to know but do you remember Stuxnet? It spread Itself via USB device.
Click to expand...
Absolutely do :) There is always an attack vector, think of those Air Gap method, I don't understand completely how that works, but might be used for something like that too, I'm sure.

The quoted mention is out of the article, not mine:) But yes, great that nobody has been harmed.
 
  • Like
Reactions: Logethica, frogboy, LabZero and 1 other person
arslan ejaz

arslan ejaz

Level 10
Verified
Well-known
Jun 5, 2015
462
Breaking# A malware causes German Nuclear Power Plant shutdown on Chernobyl’s 30th Anniversary
A computer virus was discovered at the Gundremmingen nuclear power plant in Bavaria, according to the German BR24 News Agency. The malware was discovered at the nuclear power plant’s Block B IT network that handles the fuel handling system. RWE, who is in charge of the plant shut down the power plant for precaution.

Based on the initial assessment conducted by the experts, the virus has not affected any important parts of the power plant and wouldn’t pose any major threat. The malware affected only the computer IT systems and not the ICS/SCADA equipment that interacts with the nuclear fuel
 
  • Like
Reactions: Logethica, Der.Reisende, Morvotron and 5 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
IMO this is very interesting but also extremely serious and scary news. This could perhaps be a possible variant on Stuxnet and if thats the case I do wonder if the creator/s genuine understand or even care what they actually released.

Nuclear accident example and it's impacts :

 
  • Like
Reactions: Logethica, silversurfer, Der.Reisende and 2 others
D

Der.Reisende

Level 45
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
hjlbx said:
Article doesn't state what the malware actually is. Could be PUP\PUA. Could be false positive. Could be anything.
Click to expand...
According to another article by German magazine Heise from yesterday evening, Conficker and Ramnit. They have no idea how it could get infected, as the Worms are very old and should be detected by AV easily. Without the machine being connected to the net, no harm was made. Investigations ongoing.
AKW Gundremmingen: Infektion mit Uralt-Schadsoftware

EDIT: @hjlbx I will have an eye on Heise and update this post as long as it isn't archived. Maybe the PC hadn't either an AV or wasn't updated for a long time. Or a case of social Engineering?:)
 
Last edited:
  • Like
Reactions: Logethica, upnorth, silversurfer and 1 other person
H

hjlbx

Der.Reisende said:
According to another article by German magazine Heise from yesterday evening, Conficker and Ramnit. They have no idea how it could get infected, as the Worms are very old and should be detected by AV easily. Without the machine being connected to the net, no harm was made. Investigations ongoing.
AKW Gundremmingen: Infektion mit Uralt-Schadsoftware
Click to expand...

That's interesting...

Old malware not detected by AV scanner is nothing new. Maybe both modified or obfuscated in some way to avoid detection.

Who knows. Have to wait for infos.
 
  • Like
Reactions: Der.Reisende
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Quote : " The malware was discovered on computer systems at the Gundremmingen nuclear power facility by employees of the German electrical utility company RWE. It included Conficker, a worm first detected in 2008 designed to steal user credentials, personal financial data, and turn infected computers into "bots" to carry out distributed denial of service (DDoS) attacks. W32.Ramnit, a worm that provides attackers with a remote access tool and allows them to steal files and inject code into webpages to capture banking data, was also discovered on the system.

In addition to the infected computer system, last upgraded in 2008, malware was discovered on 18 USB removable storage devices. Both Conficker and W32.Ramnit spread themselves through USB drives. The malware did no harm because it required Internet access to contact a command-and-control network, and it appears that the plant was not specifically targeted by attackers since the malware was focused largely on financial fraud.

But much more destructive malware could have easily been introduced over USB drives in a targeted attack. Stuxnet was introduced into an Iranian nuclear research facility's "air-gapped" network by way of a USB drive, and Flame and some "wiper" malware have also used USB drives as a way to get to disconnected systems. The discovery of the malware has prompted RWE to bring in Germany's Federal Office for Information Security to help with an investigation into how the malware was introduced and to help improve security. "

Source : German nuclear plant’s fuel rod system swarming with old malware
 
  • Like
Reactions: Der.Reisende
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Like
    • +Reputation
    • Wow
Technology Microsoft just made a huge bet on nuclear fusion
Replies
5
Views
670
Technology News
plat
P
[correlate]
    • +Reputation
    • Wow
German financial agency site disrupted by DDoS attack since Friday
Replies
0
Views
587
News Archive
[correlate]
[correlate]
silversurfer
    • Like
Intel angles for more subsidies to build German mega-fab
Replies
1
Views
486
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top