Dtrack RAT's latest victim is the Kudankulam Nuclear Power Plant (KKNPP). The malware is linked to the Lazarus Group, which is believed to be a North Korean state-sponsored threat actor. An unexpected shutdown of one of the plant's reactors sparked a controversy, and the Nuclear Power Corporation of India Limited (NPCIL) has now admitted that claims of a malware attack on KKNPP are true.
Kaspersky identified and published details of Dtrack in September, stating that it targets financial and research institutes in India. Dtrack performs keylogging, retrieves browser history, gathers host IP addresses and information about available networks and active connections, lists all running processes, and lists all files on all available disk volumes. It is usually used for reconnaissance and as a dropper for other malware payloads.
Such attacks raise serious questions about the safety and security of Indian nuclear assets.
Dtrack RAT (KKNPP) Signatures
Family: Trojan:Win32/VinoSiren.J!dha
MD5: 4f8091a5513659b2980cb53578d3f798
SHA256: bfb39f486372a509f307cde3361795a2f9f759cbeb4cac07562dcbaebc070364