German nuclear power plant found to be infected with computer viruses

April 29, 2016 by Joseph Fitsanakis

The computers of a nuclear power plant in southern Germany have been found to be infected with computer viruses that are designed to steal files and provide attackers with remote control of the system. The power plant, known as Gundremmingen, is located in Germany’s southern district of Günzburg, about 75 miles northwest of the city of Munich. The facility is owned and operated by RWE AG, Germany’s second-largest electricity producer, which is based in Essen, North Rhine-Westphalia. The company provides energy to over 30 million customers throughout Europe.

On Tuesday, an RWE AG spokesperson said cybersecurity experts had discovered a number of computer viruses in a part of the operating system that determines the position of nuclear rods in the power plant. The software on the system was installed in 2008 and was designed specifically for this task, said the company. The viruses found on it include two programs known as “Conficker” and “W32.Ramnit”. Both are responsible for infecting millions of computers around the world, which run on the Microsoft Windows operating system. The malware seems to be specifically designed to target Microsoft Windows and tends to infect computer systems through the use of memory sticks. Once they infect a computer, they siphon stored files and give attackers remote access to the system when the latter is connected to the Internet. According to RWE AG, viruses were also found on nearly 20 removable data drives, including memory sticks, which were in use by employees at the power plant. However, these data drives were allegedly not connected to the plant’s main operating system.

RWE AG spokespersons insisted this week that “Conficker”, “W32.Ramnit”, and other such malware did not pose a threat to the nuclear power plant’s computer systems, because the facility is not connected to the Internet. Consequently, it would be impossible for an attacker associated with the viruses to acquire remote access to Gundremmingen’s computer systems. The company did not clarify whether it believed that the viruses had been specifically targeted at the power plant. But they insisted that cybersecurity measures had been strengthened following the discovery of the malware, and said that they had notified Germany’s Federal Office for Information Security (BSI), which is now looking into the incident.

► Author: Ian Allen | Date: 29 April 2016