Cyber Attack On A Nuclear Power Plant

Uploaded on 2019-11-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Energy

An Indian nuclear power plant suffered a cyberattack. The Nuclear Power Corporation of India Limited (NPCIL) has issued a statement admitting that the claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP) located in Tamil Nadu is true. 

The KKNPP (pictured) is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurised water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India's southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.

A NPCIL spokesman, said, "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019....."The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored."

Additionally, he confirmed that the plant systems are not affected.

The admission from the governing body comes a day after the training superintendent and information officer at KKNPP, issued a statement that categorically denied any instance of cyber-attacks on India's largest nuclear power plant. 

The statement said, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet.... Any cyber-attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600MWe respectively, without any operational or safety concerns."

The cyber attack on the KKNPP network was initially reported by cyber security researcher Pukhraj Singh, who was notified about the attack by an undisclosed independent party. 

Subsequently, the attack was reported to India's national cyber security coordinator, General Rajesh Pant, on September 3. The matter was acknowledged by the governing body a day later, which has now been confirmed via NPCIL's statement.  interestingly, the indicators of compromise in the attack was then found to be the Dtrack malware, which has been picking up pace in India, affecting enterprise networks and ATMs.

Believed to be produced by the Lazarus APT (advanced persistent threat) group, Dtrack is said to be specifically targeting India across various industries, with the KKNPP attack possibly the most critical so far. 

NPCIL has admitted that the malware attacked a system connected to the administrative network, hence leaving open the possibility of the malware gaining unauthorised admin privileges, and subsequently, scrolling sensitive information from concerned networks. Konstantin Zykov, senior security researcher at Kaspersky and the man behind discovering the Dtrack attacks in India, said that Kaspersky could not independently verify if the nuclear plant was among Dtrack's target list. 

Zykov stated to News18, "In our research, there were no confirmations of any cyber incident involving any nuclear power plant in India. We are not able to comment further on this matter as we have already published all our findings about Dtrack on Securelist."

News18:        GulfNews

You Might Also Read: 

German Nuclear Plant Infected With Viruses:


 

« Machines With The Power To Kill
Fake News Generated Against Hong Kong Protesters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Nixon Peabody LLP

Nixon Peabody LLP

Nixon Peabody LLP is an international law firm with offices across the USA, Europe and Asia. Practice areas include Data Privacy and Cyber Security.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Cryptus Cyber Security

Cryptus Cyber Security

Cryptus Cyber Security is an Information Security Training company providing advanced training and services to IT Professionals.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

Centre for Cyber Security (CFCS) - Denmark

Centre for Cyber Security (CFCS) - Denmark

The Centre for Cyber Security is the Danish national IT security authority, Network Security Service and Centre for Excellence within cyber security.

Ahope

Ahope

Ahope is a mobile security solution provider in Korea with a long history of security solution development.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

DynaRisk

DynaRisk

DynaRisk helps companies protect their staff, clients and supply chain from cyber threats by enabling people to take action for themselves.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

CybeReady

CybeReady

CybeReady’s Autonomous Platform offers continuous adaptive training to all employees and guarantees significant reduction in organizational risk of phishing attacks.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

Bfore.ai

Bfore.ai

Stop future attacks, today. Bfore.ai is an operational threat intelligence feed to add predictive technology to your security infrastructure.

Cornami

Cornami

Cornami delivers real-time computing on encrypted data sets, which is vital for data privacy and cloud security.

Trackd

Trackd

At trackd, we’re re-imaging vulnerability remediation for the benefit of the entire cyber security community. Automating Vulnerability Remediation without the Fear of Disruption.