New Delhi: In a remarkable turn of events, the Nuclear Power Corporation of India (NPCIL) on October 30 confirmed its system had been hit by malware.
Although the official NPCIL release makes no mention of the Kudankulam Nuclear Power Plant (KKNPP), it appears to confirm reports on social media that cybersecurity at the reactor complex in Tamil Nadu had been breached by unknown users.
“Identification of malware in NPCIL system is correct,” the statement noted. “The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.” It added that specialists from the Department of Atomic Energy (DAE) “immediately investigated” the event.
The NPCIL is a body under the DAE, which in turn comes under the purview of the prime minister’s office.
According to the official release, the infected computer belonged to a user who was connected to an internet-connected network for “administrative purposes”.
The release is quick to add that the potentially compromised administrative network was “isolated from the critical internal network” and that the plant’s systems were not affected.
The NPCIL’s admission is remarkable because officials at the Kudankulam plant had denied the possibility of any cyberattack on October 29, Tuesday. However, experts noted that the denial referred to the plant’s control system, not its administrative network, which was what could have been affected.
Rumours of a security breach on the KKNPP’s administrative network intensified on Tuesday after multiple social media users reported details of a malware attack.
While a blanket denial was first issued by officials at the plant, at least two media reports indicated that there had been genuine concern on the government’s part over a security breach in a part of the network. The Indian Express reported that senior officials had since undertaken an internal audit.
The controversy kicked off on Monday night after a cybersecurity professional named Pukhraj Singh tweeted that the Narendra Modi government had been notified of a potential cyberattack in September.
So, it’s public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit. https://t.co/rFaTeOsZrw pic.twitter.com/OMVvMwizSi
— Pukhraj Singh (@RungRage) October 28, 2019
“Domain controller-level access [has been gained] at Kudankulam Nuclear Power Plant. The government was notified way back,” said Singh, adding that he had been alerted to the issue by a “third party”.
“I didn’t discover the intrusion, a 3rd party did. It contacted me & I notified National Cyber Security Coordinator on Sep 4 (date is crucial). The 3rd party then shared the IoCs with the NCSC’s office over the proceeding days. Kaspersky reported it later, called it DTrack,” he added.
The identity of this third party isn’t publicly known at the moment. However, Ars Technica reported, “DTrack was tied to North Korea’s Lazarus threat group by researchers based on code shared with DarkSeoul, a malware attack that wiped hard drives at South Korean media companies and banks in 2013.”
The KKNPP complex houses two operational reactors, which each produce a little over 900 MW of electricity. Four more units are slated to be added to the complex, which is expected to increase its total output to 2 GW. Of this, 925 MW has been earmarked for Tamil Nadu and the remainder for the other South Indian states.