Malware Attack On Kudankulam Nuclear Power Plant Did Happen, Critical Internal Network Not Affected: NPCIL

Nuclear Power Corporation of India Limited (NPCIL) today confirmed in a press release that a computer in Kudankulam Power Plant was infected by a Malware on September 4, 2019. “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019,” said the press release by A.K Nema, associate director of NPCIL.

The press release further says, “The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored.”

R. Ramdoss, training superintendent and information officer at the Kudankulam Nuclear Power Plant (KKNPP) earlier shunned such claims saying that some false information is being propagated on the social media platform, electronic and print media with reference to the cyber attack on Kudankulam Nuclear Power Plant.

They have now accepted that the nuclear power system has actually detected the malware. The first report that portended malware in the system emerged earlier this month by news agency IANS alleging that one of the two power reactors at the Kudankulam Nuclear Power Plant had suspended operations. This matter was further blown up on social media sites as Twitter users linked system failure with the alleged cyber attack.

About The Hack

Pukhraj Singh, a former analyst for India’s National Technical Research Organization (NTRO), who first identified the malware reported to India’s National Cyber Security Coordinator on September 4.

I didn't discover the intrusion, a 3rd party did. It contacted me & I notified National Cyber Security Coordinator on Sep 4 (date is crucial). The 3rd party then shared the IoCs with the NCSC's office over the proceeding days. Kaspersky reported it later, called it DTrack. https://t.co/9xi4CZrvd1

— Pukhraj Singh (@RungRage) October 29, 2019

A report by arstechnica pointed out that the attack likely did not affect reactor controls, but it may have targeted research and technical data. The attack focused on gathering technical information using a Windows SMB network drive that has credentials encrypted into the malware to aggregate files to steal.

Malware has been identified by researchers as North Korea’s ‘Dtrack’, and the virus has made it to “domain controller-level access” at Kudankulam. The attack has also been reported to the government.

The malware Dtrack is associated with North Korea’s Lazarus threat group that shares the codes with DarkSeoul, a malware attack that wiped hard drives at South Korean media companies and banks in 2013.

Social Media Reaction

Reacting to the social media posts by Pukhraj Singh, Congress MP Shashi Tharoor also sought an explanation from the Centre. Tharoor, who also leads the parliamentary standing committee on information technology.

This seems very serious. If a hostile power is able to conduct a cyber attack on our nuclear facilities, the implications for India's national security are unimaginable. The Government owes us an explanation. https://t.co/5NokFcQFWs

— Shashi Tharoor (@ShashiTharoor) October 29, 2019

Kudankulam Nuclear Power Plant

The plant currently lacks an offsite spent nuclear fuel storage facility, which prompted a court battle to have the plants shut down until one was built.

Kudankulam has remained in the news since its very inception in 2002. Initially, the government postponed the activation of the plant due to indigenous communities protesting against its establishment.

After a promising collaboration with Russia’ Atomstroyexport, Kudankulam planned to operate six reactors. However, only two of them are active as the plant suffered many setbacks and glitches. The plant still does not have a proper nuclear storage facility, over which it was dragged to court and was ordered to shut the plants down until safety is ensured.

Entrapped in controversies, again and again, Kudankulam witnessed over 70 shutdowns since 2013 when the reactors went active.

Again, on October 19, the plant’s second reactor was shut down due to a fault in the reactor’s steam generation, according to KKNPP officials. The shutdown was not related to the malware attack, officials asserted.

Also Read: Once Upon A Time There Used To Be Independent Information Commissions