Cyber Attack On A Nuclear Power Plant

An Indian nuclear power plant suffered a cyberattack. The Nuclear Power Corporation of India Limited (NPCIL) has issued a statement admitting that the claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP), located in Tamil Nadu, are true.

The KKNPP is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurised water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India's southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.

An NPCIL spokesman said, "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019. ... The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored."

Additionally, he confirmed that the plant systems are not affected.

The admission from the governing body comes a day after the training superintendent and information officer at KKNPP issued a statement that categorically denied any instance of cyber-attacks on India's largest nuclear power plant.

The statement said, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet. ... Any cyber-attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600 MWe respectively, without any operational or safety concerns."

The cyber attack on the KKNPP network was initially reported by cyber security researcher Pukhraj Singh, who was notified about the attack by an undisclosed independent party. 

Subsequently, the attack was reported to India's national cyber security coordinator, General Rajesh Pant, on September 3. The matter was acknowledged by the governing body a day later, which has now been confirmed via NPCIL's statement. Interestingly, the indicators of compromise in the attack were then found to match the Dtrack malware, which has been picking up pace in India, affecting enterprise networks and ATMs.

Believed to be produced by the Lazarus APT (advanced persistent threat) group, Dtrack is said to be specifically targeting India across various industries, with the KKNPP attack possibly the most critical so far. 

NPCIL has admitted that the malware attacked a system connected to the administrative network, hence leaving open the possibility of the malware gaining unauthorised admin privileges, and subsequently, scrolling sensitive information from concerned networks. Konstantin Zykov, senior security researcher at Kaspersky and the man behind discovering the Dtrack attacks in India, said that Kaspersky could not independently verify if the nuclear plant was among Dtrack's target list. 

Zykov stated to News18, "In our research, there were no confirmations of any cyber incident involving any nuclear power plant in India. We are not able to comment further on this matter as we have already published all our findings about Dtrack on Securelist."

Sources: News18, GulfNews
