Nuclear Power Corporation of India Limited (NPCIL) has confirmed that it has been the target of cybercriminals and a few systems at Kudankulam Nuclear Power Plant were breached.
The only good news is that the main system of the power plan was not connected to the affected system, so it is safe. The investigation had been carried out by DAE (Department of Atomic Energy) specialists and the network is now being monitored.
Yesterday, when a few reports talked about the cyberattack at systems of Kudankulam Nuclear Power Plant, the plant has issued a statement denying the claims. Now it has issued another statement confirming the market attack.
The official statement reads, “The identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.”
It was found that the network was infected by an infected computer that belonged to a user. The issue was found by a third-party multinational IT company in early September and it alerted the National Cyber Security Council (NCSC).
“The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network,” NPCIL added.
Then NCSC set up a cyber audit team in September and visited the plant. The team also met KKNPP officials and submitted an advisory with recommendations.
Systems were infected by DTrack malware, a data steering tool developed by North Korea’s Lazarus Group. Dtrack is used as a dropper for other malware payloads. This has been used in several politically-motivated cyber-espionage operations and attacks on banks. The attack on NPCIL seems more like an accidental infection, rather than a well-planned operation.
