After the anniversary of the Chernobyl nuclear disaster, a German nuclear plant admits widespread malware infection.
By Tom Jowitt
A German nuclear power plant in Bavaria has admitted that its systems are riddled with malware, and has been shut down as a precaution—a day after the 30th anniversary of the Chernobyl nuclear disaster on Tuesday.
It was reported
that the Gundremmingen nuclear power plant is located (75 miles) northwest of Munich, and is run by the German utility RWE.
The company admitted
that malware had infected a number of its systems. It said it had immediately informed Germany's Federal Office for Information Security (BSI).
" and "Conficker
" viruses were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods.
Malware was also reportedly found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems.
The operator said that it has boosted its cyber-security measures, but insisted the malware was not a threat to the facility's operations because it is "isolated from the Internet."
This is not the first time that a nuclear power plant has had a security scare. Indeed, the potential risk to systems controlling critical infrastructure and industrial systems
remains a worry for many governments and authorities around the world.
In 2015, a hacker managed to hack into the systems
of a nuclear power plant in South Korea. A computer worm was later discovered
in a device connected to the control system, but the plant operator insisted that the breach had not reached the reactor controls itself.
The hacker later posted files from the hack online
, and included a demand for money.
The Stuxnet virus
reportedly caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.
A German steelworks also suffered "massive damage"
after a cyberattack on its computer network in late 2014.
Researchers have previously warned that security weaknesses in industrial control systems
could allow hackers
to create cataclysmic failures in infrastructure.