Several computer viruses have been detected in a German nuclear power plant in Bavaria, the station operator said. The malware can steal login credentials and allow a remote attacker to access the cracked computer.
The incident took place at Gundremmingen plant about 100km from Munich.
“In Gundremmingen nuclear power plant so-called office-malware has been found during … testing work in Unit B,” a statement released by the power plant said.
Germany’s Federal Office for Information Security (BSI) was immediately informed.
The statement initially didn’t mention what kind of malware was involved, only saying this software has been “known for a few years” and is designed to make “an unwanted connection to the internet.”
Later, RWE, a German electric utilities company that runs the plant, confirmed to Reuters the viruses include “W32.Ramnit”and “Conficker”. They were found in a computer system retrofitted in 2008 with data visualization software.
The worms were also found in at least 18 removable data drives, mainly in USB sticks and office computers maintained separately from the plant system, the company added.
RWE claims the incident poses no threat to the plant, its personnel or the environment.
According to data from Symantec, an American technology company, W32.Ramnit is a worm that spreads through removable drives and can steal login credentials. “The worm also functions as a back door allowing a remote attacker to access the compromised computer,” the firm said.
Conficker can disable several important Windows services and security products, according to information from Microsoft.
There was a major accident in Gundremmingen nuclear plant in 1977. Its Unit A suffered a rapid shutdown of the reactor due to poor weather conditions, which led to operational errors. Unit A remains out of service.
Earlier in March, a study by Oda Becker, a physicist and independent expert on nuclear plants said German nuclear plants are vulnerable to terrorist attacks.
The report states that a nuclear plant’s smokescreen designed to prevent any attacks from the air provides only minimal protection for the facility. Such a smokescreen “only slightly diminishes a chance of collision with a plane,” hijacked by terrorists, it adds.
According to Becker’s research, another significant threat to German nuclear plants is posed by a possible terrorist attack using helicopters filled with explosives.
In another study published earlier, Becker listed poor security standards, natural disasters, terrorist attacks and emergencies caused by the deterioration of the German nuclear plants’ security systems as major threats to the industry.
Also in March, an exclusive report by the Belgian Derniere Heure newspaper said the Brussels suicide bombers, Khalid and Ibrahim El Bakraoui, were planning attacks on Belgian nuclear power stations. The brothers reportedly planted a camera outside the house of a senior nuclear official. The footage, confiscated by investigators, reveal “dozens of hours” of the movements of Belgium’s nuclear boss.
https://www.rt.com/news/341083-germany-gundremmingen-plant-virus/
“….this software has been ‘known for a few years’ and is designed to make ‘an unwanted connection to the internet.’ ”
There is no reason a nuke plant’s computer should be capable of an internet connection.
Lol! I said this years ago when they were forewarning us it was a major concern. Us plebs better shut our pie holes or else.
Symantec
How appropriate