ISRO confirms it was alerted about DTrack malware during Chandrayaan 2, says it had no impact

ISRO confirms that it was alerted to a hacking attempt by the same North Korean malware that targeted the Kudankulam nuclear reactor earlier this year.

According to a recent report by The Quint , ISRO was one of five government agencies to come under their attack. However, the officials from the Indian space agency denied that the attack impacted the Moon mission.

Reportedly, ISRO employees accidentally installed malware on to their systems after opening phishing emails from North Korean spammers.

Another report from the Financial Times suggests that ISRO was informed about the attack in September. ISRO also confirmed to The Quint about being alerted about the attack.

“We know they were targeted, they got the link, they clicked on the link. That much we can confirm so far,” Yash Kadakia, founder of Security Bridge, a Mumbai-based cybersecurity company, told The Quint.

The said the attack was apparently conducted using DTrack, a type of malware, US authorities believe, is linked to the Lazarus group controlled by the North Korean government.

A report by cybersecurity firm Kaspersky, the malware has been detected in financial institutions and research centres in 18 Indian states.

The same malware is also believed to have affected the Kudankulam nuclear plant .

On 3 September the National Cyber Coordination Center , which was set up to help the country deal with malicious cyber activities and cyber warfare, received information from a US-based cybersecurity company that a “threat actor” had breached master “domain controllers” at the Nuclear Power Corporation of India Limited’s (NPCIL) Kudankulam nuclear plant.

The malware was later identified as Dtrack and the officials at both these government agencies were informed about these security breaches on 4 September,  two days before the scheduled Chandrayaan 2 moon landing attempt .

Dtrack is malware that has been developed by a  North Korean hacker group called Lazarus . It allows hackers to get complete control over a device and they can extract data, remotely.   Dtrack RAT (remote administration tool)  can infiltrate systems with weak network security policies and password standards. Once implemented, it can access all available files and running processes, keylogging, browser history and host IP addresses, including information about available networks and active connections.

Editor’s note: While the malware is of North Korean origin and the timing of the reported attack coincides with the failed Chandrayaan 2 landing attempt, there is no indication yet that the timing was anything more than coincidence.