India’s largest nuclear plant was reportedly hit recently by a malware package that experts have linked to North Korean hackers, but officials said control systems had not been jeopardized.
Reports of a breach at the nuclear power plant at Kudankulam in Tamil Nadu emerged on Monday after a Twitter user posted a VirusTotal link to what seemed to be a sample of a newly discovered piece of malware called Dtrack.
The malware was configured to use a hard-coded username and password combination referencing KKNPP, the acronym for the Kudankulam Nuclear Power Plant.
Indian cybersecurity expert Pukhraj Singh confirmed that hackers had acquired domain-level access to the Kudankulam nuclear power plant and that other “extra-critical targets” had also been hit.
Singh referred to a tweet he wrote at the beginning of September, in which he said he had seen a “casus belli,” a Latin phrase describing a cause for war. He later explained that the other targets were even “scarier than KKNPP,” which is why he “went all hyperbolic about casus belli.”
Singh said he had learned of the intrusion into the Kudankulam plant from a third party and on 3 September notified India’s National Cyber Security Coordinator, who reportedly acknowledged the issue.
However, some Indian officials categorically denied any breach at the nuclear power plant. The Nuclear Power Corporation of India, on the other hand, stated that the plant had been targeted in a cyber attack, but that its control systems are not connected to the local network or the Internet and that an attack on the plant’s control systems “is not likely.”
The nuclear power station has suffered multiple disruptions, including one in recent weeks, but officials cited by The Economic Times denied a cyber attack.
Kaspersky researchers recently uncovered the Dtrack remote access trojan (RAT) while investigating ATM attacks in India involving a piece of malware tracked as ATMDtrack. Analysis of Dtrack revealed ties to an earlier operation linked to a North Korean threat actor named Lazarus.
According to Kaspersky, Dtrack, which was used in early September to target financial and research organisations, allows attackers to collect and steal data from affected systems, including keystrokes, browser history, IP addresses, network details, running processes and files.