India's most advanced nuclear power plant hacked

Dunya News

One of the reports suggested North Korea-linked Lazarus Group may have been behind this intrusion.

LAHORE (Dunya News) – News that India’s largest nuclear power plant, the Kudankulam Nuclear Power Plant, has suffered a cyberattack by the North Korea-linked Lazarus Group has been confirmed by many tech-savvy people and websites.

The network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today.

News that the Kudankulam Nuclear Power Plant (KNPP) might have been infected with a dangerous strain of malware first surfaced on Twitter on Monday.

Some cyber security experts had tweeted on Tuesday that NPCIL’s computers were potentially compromised.

The Modi-led government failed to address the rumors. An opposition Indian lawmaker, Shashi Tharoor, took to Twitter demanding an explanation for the reports. He said, “If a hostile power is able to conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable.” “The government owes us an explanation,” he added.

Pukhraj Singh, a former security analyst for India’s National Technical Research Organization (NTRO), pointed out that a recent VirusTotal upload was actually linked to a malware infection at the KNPP.

The particular malware sample included hardcoded credentials for KNPP’s internal network, suggesting the malware was specifically compiled to spread and operate inside the power plant’s IT network.

India had earlier denied the hack at its most advanced nuclear power plant by issuing a statement that described the reports as “false information… being propagated (sic) on the social media platform, electronic and print media”.

R. Ramdoss, the training superintendent and information officer at the plant, claimed that the “Kudankulam Nuclear Power Project (KKNPP) and other Indian nuclear power plants control systems are stand-alone and are not connected to the outside cyber network and internet”.

“Any cyberattack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP Unit-1 and 2 are operating at 1000MW and 600MW respectively without any operational or safety concerns,” the statement alleged.

One of the reports on a purported cyber incident at the plant suggested that the North Korea-linked Lazarus Group may have been behind an intrusion. The report cited an unverified online data dump.


MALWARE LINKED TO NORTH KOREA’S LAZARUS GROUP


According to CNET-owned ZDNet, several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit.

Singh’s tweet and revelation immediately went viral because just days before, the same power plant had an unexpected shutdown of one of its reactors -- with many users conflating the two unrelated incidents as one.

Initially, KNPP officials denied that they had suffered any malware infection, issuing a statement that described the tweets as "false information" and said that a cyber-attack on the power plant was "not possible."