German Nuclear Power Facility Plagued with Malware since 2008

Good thing is that the servers weren’t connected to the Internet so no damage was done

The Gundremmingen nuclear power facility’s computer systems have been identified to be loaded with malware by the German electrical utility company RWE employees. This nuclear power plant is around 75 miles away from Munich and seemingly it is plagued with all sorts of malware including file-stealing malware and remote access Trojans. The malware is present on the nuclear plant’s computer systems and is being used to track the fuel rods of the plant. However, Reuters’ reports suggest that the computers are not connected to the web and hence, the malware hasn’t been activated as yet.

The malware was roaming around since 2008

Among the identified infections is the infectious worm Conficker, which was firstly detected in 2008. This worm can easily steal financial details and credentials of users and transform infected computers into “bots” that could conduct DDoS attacks (distributed denial of service). Another worm identified is the W32.Ramnit, which helps attackers to steal files and inject code into websites by acting as a remote access tool. This tool can easily help in stealing banking data.

Along with computer systems, which were upgraded in 2008, the plant’s USB storage devices (in total 18) were also infected with malware. The reason is that Conficker and W32.Ramnit can penetrate into removable USB devices via USB drives. However, these infections could not cause any harm because internet access is required to communicate with a C&C (command and control) server and apparently the plant wasn’t targeted by attackers since these worms are designed to carry out financial frauds.

Israel’s Power Authority Network Hit with Ransomware UN Watchdog Warns of Increase in Cyberattacks on Nuclear Facilities


Cyber warfare shows scary signs of where malware is headed Cyber Attacks Threatening Oil and Gas Sector Severely Now Than Ever Before

Nonetheless, the probability of newer, advanced and more destructive malware being introduced into the plant through USB drives cannot be overlooked. Such as, Iranian nuclear research plant was infected with Stuxnet in the same fashion. “Wiper” and Flame malware have also got great potential because these can be used to exploit USB drives to reach the disconnected systems.

This current finding has prompted RWE to seek help from the Federal Office for Information Security in Germany to conduct an investigation into how this malware reached the plant and how it can be removed.

This is not the first time when a nuclear plant has been found loaded with malware. In fact in 2015, South Korean nuclear plants were infected with malware and North Korea was the suspect.

Related Posts