A day after Kudankulam Nuclear Power Plant denied reports that the facility had come under cyber-attack, the Nuclear Power Corporation of India Limited has acknowledged that some systems in the plant were indeed breached. In a statement issued today, NPCIL said that “identification of malware in NPCIL system was correct,” while adding that the affected system was not connected to the main system of the power plant.
“The matter was conveyed by CERT-In when it was noted by them on September 4, 2019,” the press release said. NPCIL further added that the matter was investigated by Department of Atomic Energy (DAE) specialists, who found that the infected computer belonged to a user who was connected to a network connected with the Internet for administrative purposes. They said that this network is isolated from the critical internal network operating the nuclear power plant.
The NPCIL statement added that the investigation has confirmed that the control systems of the plant are not affected, and the networks are continuously monitored.
After reports emerged that computer systems of Kudankulam Nuclear Power Plant were compromised, the plant had issued a statement yesterday denying them. KKNPP had said that its control systems are isolated from external networks, and that they can’t be breached. But the statement was silent about the status of the plant's administrative and other non-core networks, which are connected with the internet.
Today’s NPCIL statement confirms that the information originally published about the breach by cybersecurity expert Pukhraj Singh was correct. He had said that a cybersecurity firm had detected that attackers had gained domain controller-level access at Kudankulam. He had also said that he had informed the National Cyber Security Coordinator about the breach on 4th September. Responding to KKNPP’s denial, he had said that the coordinator had confirmed the breach in email exchanges.
Other Twitter users had posted logs of the breach, which showed that the system at the plant was infected with DTrack malware, a data-stealing and cyberespionage tool developed by North Korea’s Lazarus Group.