The Nuclear Power Corporation of India, a government-owned entity, was one of the victims of the most recent high-profile cyber-attacks. According to a statement released by the company, the attack was discovered on September 4, and no plant control systems were affected. “The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. The investigation also confirms that the plant systems are not affected.” According to the article by TNW, the attackers used malware to access the domain controller account that grants access and authenticates requests from other computers in the network.
The article also reports that the data collected by the malware was sent to a mounted drive via SMB, and that the drive and credential are statically encoded: net use \\\\10.38.1.35\\C$ su.controller5kk /user:KKNPP\\administrator
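A command line like the one above is visible to defenders in process-creation logs, so it can be detected. The following is an added example, not code from the article or the incident: it flags net use invocations that map an administrative share with the password given on the command line. The function names and the sample command lines are constructed for illustration.

```python
import re

# UNC path whose share is an administrative share (C$, D$, ADMIN$, IPC$).
ADMIN_SHARE = re.compile(r"^\\\\[^\\]+\\(?:[A-Za-z]\$|ADMIN\$|IPC\$)(?:\\|$)", re.I)
NET_USE = re.compile(r"\bnet1?(?:\.exe)?\s+use\b(.*)", re.I)

def inspect_net_use(cmdline):
    """Parse one process command line; return a finding dict or None."""
    m = NET_USE.search(cmdline)
    if not m:
        return None
    tokens = m.group(1).split()  # limitation: quoted passwords containing spaces
    switches = [t for t in tokens if t.startswith("/")]
    positional = [t for t in tokens if not t.startswith("/")]
    unc_idx = next((i for i, t in enumerate(positional) if t.startswith("\\\\")), None)
    if unc_idx is None:
        return None
    after = positional[unc_idx + 1:]
    user = next((s.split(":", 1)[1] for s in switches
                 if s.lower().startswith("/user:")), None)
    return {
        "target": positional[unc_idx],
        "admin_share": bool(ADMIN_SHARE.match(positional[unc_idx])),
        # "*" means prompt for the password; anything else is a secret on the command line.
        "inline_password": bool(after) and after[0] != "*",
        "user": user,  # the password itself is deliberately never returned
    }

def scan(cmdlines):
    """Return findings that map an admin share with a password on the command line."""
    findings = (inspect_net_use(c) for c in cmdlines)
    return [f for f in findings if f and f["admin_share"] and f["inline_password"]]

# Constructed sample command lines (not taken from the incident).
SAMPLE = [
    r"cmd.exe /c net use \\192.0.2.10\C$ ExamplePass1 /user:CORP\administrator",
    r"net use Z: \\fileserver\public /persistent:yes",
    r"net use \\192.0.2.20\ADMIN$ * /user:CORP\ops",
    r"ipconfig /all",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Feed it the command-line field from process-creation events (for example Windows event 4688 with command-line auditing enabled, or Sysmon event 1).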