North Korean hackers allegedly targeted Indian space agency

The Dtrack malware infection successfully disrupted an active lunar mission


At least five critical Indian government agencies have been reportedly targeted by North Korean hackers in recent months, including its atomic regulatory board and space agency.

The Indian Space Research Organisation (ISRO) was alerted by a US cyber security company to a potential malware breach in early September, according to the Indian Express. The alert suggested that cyber criminals had infiltrated master 'domain controllers' at the Kudankulam nuclear power plant and the ISRO using the same malware strain.

The incident also may have had an effect on a failed lunar landing mission, Chandrayaan 2, which was due to touch down approximately 100 hours after the attack struck, sources who spoke with the newspaper said.


This mission was due to make a soft landing on the Moon's South Pole on 7 September but lost contact with the earth station.

India's National Cyber Coordination Centre, similar in nature to the UK's National Cyber Security Centre (NCSC), was tipped off on 3 September about the attacks, with the power plant breach becoming public knowledge just last week.

The attacks were among at least five launched against India's critical national infrastructure, according to Yash Kadakia, founder of cyber security firm Security Brigade, speaking with the FT.


The malware strain itself was identified as Dtrack, which could allow cyber criminals to gain control over any and all infected devices. The 'domain controllers' targeted were server computers that responded to security authentication requests.

The Kudankulam plant initially said no cyber attack on its systems was possible, but the Nuclear Power Corporation of India, which runs the plant, conceded later that an infection had spread into the administrative network.


People within the respective agencies are reported to have opened phishing emails that were sent by the hackers, which led to the malware infiltrating agency systems.

Dtrack has been associated with activity by the Lazarus Group, Kaspersky's SecureList platform suggests. The Lazarus Group has, in turn, been previously associated with the North Korean state.

A variation of the strain was last used on a widespread scale in 2018 in the form of a banking malware that targeted Indian banks. Analysis by Kaspersky showed the malware was designed to be planted on ATMs, where it could read and store information from cards inserted into the individual machines.

This attack may have been part of the 'FASTCash' scheme, identified by Symantec, through which Lazarus aimed to steal millions of dollars from ATMs across the world.
