{
	"id": "613b6c39-0ec2-4ec1-a4f2-f3404fc3a826",
	"created_at": "2026-04-06T00:11:47.11931Z",
	"updated_at": "2026-04-10T03:21:42.026312Z",
	"deleted_at": null,
	"sha1_hash": "8acdfcc5c386d4eec591e91b59973a69660819d6",
	"title": "Malware Shuts Down German Nuclear Power Plant on Chernobyl's 30th Anniversary",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45573,
	"plain_text": "Malware Shuts Down German Nuclear Power Plant on\r\nChernobyl's 30th Anniversary\r\nBy Catalin Cimpanu\r\nPublished: 2016-04-26 · Archived: 2026-04-05 15:37:29 UTC\r\nA routine security audit has discovered malware on the computer systems of the Gundremmingen nuclear\r\npower plant in Germany. RWE, the plant's operator, shut down the power plant as a precaution, despite\r\nsaying it was nothing serious.\r\nAccording to a press release put out by Gundremmingen power plant officials, the malware was discovered on the\r\nplant's Block B IT network that handles the fuel handling system.\r\nThe malware infection was most likely an accident, not an attack\r\nThe malware affected only the computer IT systems and not the ICS/SCADA equipment that interacts with the\r\nnuclear fuel. Officials say the equipment's role is to load and unload nuclear fuel from the power plant's Block B\r\nand then transfer old fuel to the storage pool.\r\nGundremmingen officials said the IT system was not connected to the Internet and that they suspect someone\r\nbrought in the malware by accident on a USB thumb drive, either from home or from computers found in the power\r\nplant's facility.\r\nAuthorities did not reveal the name of the malware strain but said it was nothing serious, classifying the whole\r\nincident as \"N\" (normal category).\r\nToday is the Chernobyl disaster's 30th anniversary\r\nThe malware infection was discovered on Sunday, April 24, and two days later the power plant is still offline.\r\nToday, April 26, 2016, marks 30 years since the Chernobyl nuclear power plant disaster.\r\nThe nuclear plant is now going through all the security procedures involved with such events, with its staff\r\nscanning all other computer systems and going through all the regular checks and motions before putting the plant\r\nback into production.\r\nThe Gundremmingen nuclear power plant is considered one of Germany's most outdated nuclear power plants.\r\nGundremmingen is set to 
permanently shut down in 2021, but over 750 people protested over the weekend in the\r\nhope of convincing authorities to shut down the two reactors left working before the final deadline.\r\n“Eugene Kaspersky: It’s not surprising”\r\nEugene Kaspersky, founder and CEO of Kaspersky Lab, one of the world's leading security firms, put the situation\r\nin perspective for Softpedia.\r\n\"An industrial control system used for loading nuclear fuel elements at Germany’s Gundremmingen nuclear power\r\nplant has been infected with malware. Yes, alarm bells are probably ringing in everyone’s head who’s just read\r\nthat. Thing is, it’s not surprising. What is rather surprising is that we don’t hear such worrying news more\r\nfrequently.\"\r\n\"From what we know, it was not a targeted attack on the power plant’s system; it was just a 'regular' infection,\r\ncontracted most likely by someone connecting a storage device to the system. That’s what we hear from German\r\nmedia.\"\r\n\"What it shows is the main, basic issue of today’s connected systems: critical infrastructure is as vulnerable as all\r\nother systems connected to the Internet. We saw the example of the blast furnace being destroyed by a malware\r\nattack (disclosed by Germany’s Federal Office for Information Security); there was Stuxnet – malware allegedly\r\ndesigned to physically destroy nuclear enrichment facilities in Iran.\"\r\n\"Operators and regulators have to understand that in an age when we see more than 310,000 new samples of\r\nmalware a day, some of those samples might damage systems they were never intended to be aimed at. 
For such\r\ncases – of course in addition to intentional direct attacks – we have to be prepared.\"\r\nOnly a week ago, Kaspersky became the first big antivirus company to provide a cyber-security solution for\r\nICS/SCADA equipment.\r\nUPDATE: According to reports in the German media, the malware samples found inside the nuclear plant were versions\r\nof the Ramnit banking trojan and the Conficker worm.\r\nSource: https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://news.softpedia.com/news/on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml"
	],
	"report_names": [
		"on-chernobyl-s-30th-anniversary-malware-shuts-down-german-nuclear-power-plant-503429.shtml"
	],
	"threat_actors": [],
	"ts_created_at": 1775434307,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8acdfcc5c386d4eec591e91b59973a69660819d6.pdf",
		"text": "https://archive.orkl.eu/8acdfcc5c386d4eec591e91b59973a69660819d6.txt",
		"img": "https://archive.orkl.eu/8acdfcc5c386d4eec591e91b59973a69660819d6.jpg"
	}
}