Dtrack RAT's latest victim is the Kudankulam Nuclear Power Plant (KKNPP). The malware is linked to the Lazarus Group, which is believed to be a North Korean state-sponsored threat actor. The power plant had an unexpected shutdown of one of its reactors, which sparked a controversy. The Nuclear Power Corporation of India Limited (NPCIL) has now admitted that claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP) are true.
Kaspersky identified and published details of Dtrack in September, stating that it is targeted at financial and research institutes in India. Dtrack performs keylogging, retrieves browser history, gathers host IP addresses and information about available networks and active connections, lists all running processes, and lists all files on all available disk volumes. It is usually used for reconnaissance and as a dropper for other malware payloads.
Such attacks pose a serious question about the safety and security of Indian nuclear assets.
Dtrack RAT (KKNPP) Signatures
Dtrack RAT (KKNPP) Download