Cyber Attack On A Nuclear Power Plant

Uploaded on 2019-11-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Energy

An Indian nuclear power plant suffered a cyberattack. The Nuclear Power Corporation of India Limited (NPCIL) has issued a statement admitting that the claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP) located in Tamil Nadu is true. 

The KKNPP (pictured) is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurised water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India's southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.

A NPCIL spokesman, said, "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019....."The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored."

Additionally, he confirmed that the plant systems are not affected.

The admission from the governing body comes a day after the training superintendent and information officer at KKNPP, issued a statement that categorically denied any instance of cyber-attacks on India's largest nuclear power plant. 

The statement said, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet.... Any cyber-attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600MWe respectively, without any operational or safety concerns."

The cyber attack on the KKNPP network was initially reported by cyber security researcher Pukhraj Singh, who was notified about the attack by an undisclosed independent party. 

Subsequently, the attack was reported to India's national cyber security coordinator, General Rajesh Pant, on September 3. The matter was acknowledged by the governing body a day later, which has now been confirmed via NPCIL's statement.  interestingly, the indicators of compromise in the attack was then found to be the Dtrack malware, which has been picking up pace in India, affecting enterprise networks and ATMs.

Believed to be produced by the Lazarus APT (advanced persistent threat) group, Dtrack is said to be specifically targeting India across various industries, with the KKNPP attack possibly the most critical so far. 

NPCIL has admitted that the malware attacked a system connected to the administrative network, hence leaving open the possibility of the malware gaining unauthorised admin privileges, and subsequently, scrolling sensitive information from concerned networks. Konstantin Zykov, senior security researcher at Kaspersky and the man behind discovering the Dtrack attacks in India, said that Kaspersky could not independently verify if the nuclear plant was among Dtrack's target list. 

Zykov stated to News18, "In our research, there were no confirmations of any cyber incident involving any nuclear power plant in India. We are not able to comment further on this matter as we have already published all our findings about Dtrack on Securelist."

News18:        GulfNews

You Might Also Read: 

German Nuclear Plant Infected With Viruses:


 

« Machines With The Power To Kill
Fake News Generated Against Hong Kong Protesters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

360Logica

360Logica

360Logica is a software testing company offering numerous kinds of testing services to improve the quality and performance of your software and IT systems.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Responsible Cyber

Responsible Cyber

Protect yourself with Responsible Cyber’s 360° platform, IMMUNE, arming you with comprehensive support for your business.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMI Level-3 ISO 9001-2008, 27001-2013 certified global consulting and implementation company focused on Information Security and Cyber Security.

Scarlett Cybersecurity

Scarlett Cybersecurity

Scarlett Cybersecurity provide cybersecurity services to US private and public organizations with specific emphasis on compliance and cybersecurity incident prevention, detection, and response.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

Gotham Digital Science (GDS)

Gotham Digital Science (GDS)

Gotham Digital Science is an international security services company specializing in Application and Network Infrastructure security, and Information Security Risk Management.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

SecureWeb3

SecureWeb3

SecureWeb3 helps businesses and brands to secure their Web3 presence by offering a full suite of security services including training, consultancy & brand protection solutions.

Codezero Technologies

Codezero Technologies

Codezero is at the forefront of microservices development, employing an identity-aware overlay network that delivers zero-trust security to DevOps.