A South Korean cybersecurity firm claims that the Kudankulam Nuclear Power Plant (KKNPP) in southern India’s Tamil Nadu state was attacked by North Korean “DTrack” malware in an attempt to obtain internal information about “thorium-based nuclear power”.
Located off the Bay of Bengal in the Tirunelveli district of Tamil Nadu state, the power plant is the single largest nuclear power station in India.
We have confirmed that one of the hackers who attacked India's nuclear energy sector is using a North Korean self-branded computer produced and used only in North Korea. And the IP used by one of the hackers was from Pyongyang, North Korea. This is more valuable than malware. pic.twitter.com/xqusmMWWY7
— IssueMakersLab (@issuemakerslab) November 4, 2019
In its analysis, Seoul-based IssueMakersLab also asserted that, along with the plant, senior Indian nuclear scientists, including former Chairman of the Atomic Energy Commission of India Anil Kakodkar and former Chairman of the Atomic Energy Regulatory Board S A Bhardwaj, were also targeted by the hackers.
Also, the DPRK hackers sent email containing malware to the chairman (not now *ex-*) of the Atomic Energy Regulatory Board (AERB) of India. And he was the Technical Director of Nuclear Power Corporation of India Limited (NPCIL). He's an expert on the AHWR reactor (thorium-based). pic.twitter.com/5BjlGenPhr
— IssueMakersLab (@issuemakerslab) November 2, 2019
Addressing speculation about the rumoured malware attack, KKNPP issued a statement on 29 October claiming that the plant’s control system was not connected to any cyber network outside its periphery.
Just one day after denying the cyber attacks, on 30 October, the Nuclear Power Corporation of India (NPCI) admitted that its systems were, in fact, infected by foreign malware.
The experts also alleged that North Korean hackers have continuously been attempting to breach nuclear facilities and accounts of top nuclear scientists to obtain confidential nuclear-power information from India.
This is an image of the history of malware used by the North Korean hacker group B that hacked the Kudankulam Nuclear Power Plant (KKNPP) in India. A 16-digit string (dkwero38oerA^t@#) is the password that malware uses to compress a list of files on an infected PC. pic.twitter.com/YFiKv7wSJW
— IssueMakersLab (@issuemakerslab) November 3, 2019
Indian cyber-security expert Pukhraj Singh, who first raised alarm bells about the cyber-attack at KKNPP, said that such incidents highlight India’s lack of a deterrence strategy.
Singh took to Twitter to point out that the cyber-attacks were not destructive because the attackers did not get aggressive, and added: “We were at their mercy”.
THIS IS IT. The espionage toolchain linked to a destructive wiper. The intrusions weren't destructive because the actor decided against it. We were at its mercy. It's not about airgaps or how awesomely safe reactors are, it's about the complete absence of a deterrence strategy. https://t.co/4ezbVu4YiK
— Pukhraj Singh (@RungRage) November 3, 2019