{
	"id": "18608d97-b483-4ae7-9fef-33fcc4e8cb67",
	"created_at": "2026-04-06T00:08:19.766428Z",
	"updated_at": "2026-04-10T03:21:04.303355Z",
	"deleted_at": null,
	"sha1_hash": "b0150fb8aba8d0730881b95930763e36d4e9c855",
	"title": "Malware Discovered in German Nuclear Power Plant",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 137144,
	"plain_text": "Malware Discovered in German Nuclear Power Plant\r\nArchived: 2026-04-05 17:36:11 UTC\r\nA German nuclear power plant was recently discovered to be\r\ninfested by computer malware, reports say on Tuesday. The Gundremmingen plant, operated by the German utility\r\nRWE and nestled northwest of Munich, is said to have the highest-output nuclear power station in Germany.\r\nExperts identified the viruses to be “W32.Ramnit” and “Conficker”, found at the plant’s B unit in the system that\r\ninvolves the transport of reactor fuel. However, as it appears, the discovered malware are unlikely to threaten the\r\noperations of the plant, which has systems that are isolated from the internet. \r\nExperts are looking into the possibility of a malware-infested USB unknowingly used by an employee as the point\r\nof entry of the malware into the nuclear power plant’s system. Recent reports found that malware was seen in 18\r\nremovable drives, commonly on USB sticks used and “maintained separately from the plant’s operating systems”.\r\nWhile investigations done by Germany’s Federal Office for Information Security (BSI) and a pool of security\r\nanalysts are currently ongoing, this prompted a heightened cyber-security alert. In a statement, Tobias Schmidt,\r\nspokesman for the Gundremmingen nuclear plant noted, “Systems that control the nuclear process are analog,\r\nthus isolated from cyber threats. These systems are designed with security features that protect them against\r\nmanipulation.”\r\nAccording to initial investigations, the discovered viruses were not created to target power plants but were simply\r\ncommon malware variants. W32.Ramnit, which is said to target Microsoft Windows software, commonly spreads\r\nthrough data sticks. Upon infection, this malware gives an attacker remote access of connected systems. Aside\r\nfrom this, the malware has the capability to steal data from its infected systems. Similarly, Conficker, first sighted\r\nin back in 2008, is distributed across networks by dropping copies of itself in removable drives and network\r\nshares.\r\nInterestingly, this news follows the release of a studynews article indicating the vulnerability of German nuclear\r\npower plants to terror-attacks. While the discovery of the said malware is different from the previously reported\r\nincidents involving industrial control systems and online attackers, security experts are not looking at this\r\ndiscovery lightly given the kind of grave repercussions attacks like this pose to national security. \r\nhttps://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/malware-discovered-in-german-nuclear-power-plant\r\nPage 1 of 2\n\nAt the tail-end of 2015, the first malware-driven power outage was reported in Ukrainenews article, with the\r\nresurfacing of BlackEnergy, a malware package first seen in 2007. Earlier this month, the United States and the\r\nUnited Kingdom agreed to simulate cyber attacks on nuclear plants to gauge the two countries’ readiness to take\r\non threats that could affect nuclear plants.\r\nVisit the Threat Intelligence Center for more on ICS and SCADA systems and industrial cyber security.\r\nHIDE\r\nLike it? Add this infographic to your site:\r\n1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your\r\npage (Ctrl+V).\r\nImage will appear the same size as you see above.\r\nSource: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/malware-discovered-in-german-nuclear-power-plant\r\nhttps://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/malware-discovered-in-german-nuclear-power-plant\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/malware-discovered-in-german-nuclear-power-plant"
	],
	"report_names": [
		"malware-discovered-in-german-nuclear-power-plant"
	],
	"threat_actors": [],
	"ts_created_at": 1775434099,
	"ts_updated_at": 1775791264,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b0150fb8aba8d0730881b95930763e36d4e9c855.pdf",
		"text": "https://archive.orkl.eu/b0150fb8aba8d0730881b95930763e36d4e9c855.txt",
		"img": "https://archive.orkl.eu/b0150fb8aba8d0730881b95930763e36d4e9c855.jpg"
	}
}