The Nuclear Power Corporation of India (NPCIL), a government-owned entity responsible for nuclear power in the country, has admitted that a cybersecurity attack took place in a nuclear power plant. It said systems of the Kudankulam Nuclear Power Project (KKNPP), located in southern state of Tamil Nadu, were subjected to malware in September.
The entity said in a statement that it was notified about the incident by Indian Computer Emergency Response Team (CERT-IN) on September 4, noting its plant systems had not been affected:
The identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.
The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. The investigation also confirms that the plant systems are not affected.
According to the statement, only one of the administrative computers was affected. It is speculated that this D-track type of malware is the same as that used by North Korean hackers to target Indian ATM systems in September.
The attack used malware to access the domain controller account that grants access and authenticates requests from other computers in the network.
A report by Indian Express suggests, the National Cyber Security Council (NCSC) formed a committee that visited the site mid-September and submitted an advisory this month to the KKNPP officials.
Attached pic is data collection from #KKNPP #Dtrack malware (a few other bits not pictured).
– Local IP, MAC, OS install information (including registered org) via registry
– Browser history
– Connectivity to local IP
– Compspec, ipconfig, netstat infovia @a_tweeter_user https://t.co/7LqEhNOom2 pic.twitter.com/qKIVzvbQbV
— Kevin Perlow (@KevinPerlow) October 28, 2019
Cybersecurity expert Pukhraj Singh informed National Cyber Security Coordinator, Lt Gen Rajesh Pant, on September 4, and he acknowledged the issue. The KKNPP denied yesterday that any of its control systems were hit.
While critical systems were not affected, it’s shocking that malware used for ATM machines can be used to get into the admin systems of a nuclear plant. Hackers might not be able to manipulate control systems, but they can certainly use malware to steal data or infect other computers in the network.
This also highlights the lack of adequate security measures for computer systems in critical places. To avoid future attacks, plant administrators must ensure security protocols are more stringent.
Get the TNW newsletter
Get the most important tech news in your inbox each week.