Kudankulam power plant officials deny North Korea cyber attack

Kudankulam power plant officials deny North Korea cyber attack
Photo Credit: Photo Credit: Pixabay
30 Oct, 2019

A day after a former analyst at the National Technical Research Organisation (NTRO) tweeted about a potential malware attack on the Kudankulam Nuclear Power Plant, authorities at the nuclear station issued a statement denying that any such attack ever took place.

The official statement argued that nuclear station was safe from cyber threats as the control systems are isolated from the administrative networks of the plant.

Pukhraj Singh, a former analyst at NTRO, recently claimed in a social media post that there was a ‘domain-controller level access’ breach at the plant. He cited a malware report by VirusTotal to back his claims. 

The malware in question was previously identified by experts as Dtrack and has origins in North Korea.

“This is to clarify the Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants Control Systems are stand-alone and not connected to outside cyber network and Internet. Any Cyber-attack on the Nuclear Power Plant Control System is not possible,” the official release stated. 

However, the short statement failed to clarify if any data had been stolen or if the administrative systems, which function separately from the nuclear controls, were attacked.

It added that both the nuclear plant’s reactors were up and running without any operational or safety concerns. However, the Nuclear Power Corporation of India had recently reported that the second 1000 MW nuclear power unit at Kudankulam had stopped power generation on October 19 at 12 pm due to “SG level low”.

Dtrack malware was previously tied to a threat group, Lazarus. The group is known for DarkSeoul, a malware attack that targeted and wiped out data from South Korean banks and media organisations way back in 2013.

Amid the claim that the plant has not been attacked, news website The New Indian Express has reported that “a third-party multinational IT company discovered the attack in early September and alerted the National Cyber Security Council (NCSC).”

NCSC had setup a cyber-audit team, which visited the site in mid-September and had confirmed that a breach had taken place, the news website reported, citing anonymous sources. 

 “In terms of the breach, there are layers. It definitely did not impact the main operations. It affected computers that are used for administrative purposes only,” the New Indian Express report quoted its source as saying.

Kudankulam Nuclear Power Plant, the country’s largest nuclear facility, has courted controversy since its initial construction in 2002. Although six reactors were planned to operate, only two are active today. The plant also reportedly does not possess an offsite nuclear fuel storage facility.