Computer systems of the Gundremmingen nuclear power plant in Germany have been found infected with viruses

Computers in German nuclear plant infected with virus

Computer systems at a German nuclear power plant have been found to be infected with viruses, although no harm has been done as the systems were isolated from the internet.

Malware known as W32.Ramnit, which can give attackers remote access to computer systems, has been found in computers of the RWE-operated plant in Gundremmingen, some 120km northwest of Munich, together with another type of malware known as Conficker.

The viruses, both targeting Microsoft’s Windows software, are thought to have spread into the system from infected USBs. W32.Ramnit, first discovered in 2010, is used by attackers to remotely steal files, while the Conficker malware, known since 2008, enables attackers to steal users' personal information, including credit card numbers, user names and passwords.

RWE has reported the breach to the German Federal Office for Information Security (BSI), which is working with IT specialists at the group to look into the incident.

The infected computer system has been used to run data visualisation software associated with equipment for moving nuclear fuel rods, RWE said.

The malware has also been found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems. RWE said it had increased cyber-security measures as a result.

According to Mikko Hypponen, chief research officer for Finland-based F-Secure, various types of computer viruses can be found in industrial computer networks quite frequently, but are usually harmless. Unlike in cases where a plant is deliberately targeted, such as the case of the hack of the Ukrainian power grid in December last year, the infection would be random, spread through the usual channels and couldn’t do much harm.

As an example, Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes because factory employees were charging their phones from the USB port in the cockpit.

As the plane runs a different operating system, no harm would befall it, but it would pass the virus on to other devices that plugged into the charger.

In 2013, a computer virus attacked a turbine control system at a US power company after a technician inserted an infected USB computer drive into the network, keeping a plant offline for three weeks.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them