Cyber Attack On A Nuclear Power Plant

Uploaded on 2019-11-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Energy

An Indian nuclear power plant suffered a cyberattack. The Nuclear Power Corporation of India Limited (NPCIL) has issued a statement admitting that the claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP) located in Tamil Nadu is true. 

The KKNPP (pictured) is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurised water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India's southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.

A NPCIL spokesman, said, "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019....."The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored."

Additionally, he confirmed that the plant systems are not affected.

The admission from the governing body comes a day after the training superintendent and information officer at KKNPP, issued a statement that categorically denied any instance of cyber-attacks on India's largest nuclear power plant. 

The statement said, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet.... Any cyber-attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600MWe respectively, without any operational or safety concerns."

The cyber attack on the KKNPP network was initially reported by cyber security researcher Pukhraj Singh, who was notified about the attack by an undisclosed independent party. 

Subsequently, the attack was reported to India's national cyber security coordinator, General Rajesh Pant, on September 3. The matter was acknowledged by the governing body a day later, which has now been confirmed via NPCIL's statement.  interestingly, the indicators of compromise in the attack was then found to be the Dtrack malware, which has been picking up pace in India, affecting enterprise networks and ATMs.

Believed to be produced by the Lazarus APT (advanced persistent threat) group, Dtrack is said to be specifically targeting India across various industries, with the KKNPP attack possibly the most critical so far. 

NPCIL has admitted that the malware attacked a system connected to the administrative network, hence leaving open the possibility of the malware gaining unauthorised admin privileges, and subsequently, scrolling sensitive information from concerned networks. Konstantin Zykov, senior security researcher at Kaspersky and the man behind discovering the Dtrack attacks in India, said that Kaspersky could not independently verify if the nuclear plant was among Dtrack's target list. 

Zykov stated to News18, "In our research, there were no confirmations of any cyber incident involving any nuclear power plant in India. We are not able to comment further on this matter as we have already published all our findings about Dtrack on Securelist."

News18:        GulfNews

You Might Also Read: 

German Nuclear Plant Infected With Viruses:


 

« Machines With The Power To Kill
Fake News Generated Against Hong Kong Protesters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

APMG International (APM Group)

APMG International (APM Group)

APM Group is a global accreditation, certification and examination body specializing in certification schemes for individuals, organizations and software.

Forensic Control

Forensic Control

Forensic Control specialise in providing simple & straightforward Cyber Security to organisations, helping them assess, prevent and respond to cyber threats.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Volatility Foundation

Volatility Foundation

Volatility is an open source memory forensics framework for incident response and malware analysis.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

DoControl

DoControl

DoControl gives organizations the automated, self-service tools they need for SaaS applications data access monitoring, orchestration, and remediation.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Abertay cyberQuarter

Abertay cyberQuarter

The Abertay cyberQuarter is a cybersecurity research and development centre housed within Abertay University.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.