The Nuclear Power Corporation of India (NPCIL) confirmed on Wednesday that its system had suffered a malware attack, a day after officially denying that a “cyber attack” had taken place at the Kudankulam Nuclear Power Plant.
The NPCIL said that an investigation into the matter has taken place and it revealed that “the infected PC belonged to a user who was connected with the internet-connected network used for administrative purposes. This is isolated from the critical internal network.”
In a statement on its website, the organisation said that it had been informed of the breach by CERT on September 4.
A story in The Indian Express on Wednesday confirmed the same through an anonymous source within the NCSC. In a statement released on Tuesday, NPCIL Information Officer R. Ramdoss said that false information is being spread on social, print and electronic media with regard to the Kudankulam nuclear facility.
“This is to clarify Kudankulam Nuclear Power Plant (KNPP) and other Indian Nuclear Power Plants Control are stand-alone and not connected to outside cyber network and Internet. Any cyber-attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP Unit-1 and 2 are operating at 1000 MWe and 600 MWe respectively without any operational or safety concerns,” the release said.
The above release came after a report on VirusTotal, an internet security firm owned by Google, flagged malware that cyber-security firm Kaspersky had already warned of. The ‘virus’, called DTrack, is a version of one that has been used to “infiltrate Indian ATMs and steal customer card data”. It comes from the North Korean hacker group Lazarus, according to Kaspersky.
It was the trigger for Pukhraj Singh, a cyber threat intelligence analyst who has worked with the government and global security teams, to state on Twitter that he had already warned the Indian government as far back as September 3 after being tipped off by a third party.