India’s Nuclear Power Corporation admitted that malicious software had infected their systems after denying such rumors only a day earlier.
Recent reports have claimed that India’s NPCIL (Nuclear Power Corporation of India Limited) was infected with malware, with the responsible party likely being North Korean hackers. Initially, the company had denied any such claims. However, only a day later, they admitted that the rumors were true and that the administrative network of KKNPP (Kudankulam Nuclear Power Plant) was infected, after all.
The new press release published this Wednesday quotes the company’s Associate Director A.K. Nema, who confirmed that the malware was found in NPCIL systems. The infection was allegedly noticed on September 4th, which is when India’s national computer emergency team, CERT-In, took over.
So, it's public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit. https://t.co/rFaTeOsZrw pic.twitter.com/OMVvMwizSi
— Pukhraj Singh (@RungRage) October 28, 2019
This information seems to match the findings of threat analyst Pukhraj Singh, who reported the breach to the National Cyber Security Coordinator. In other words, it seems the company is finally revealing the true details of the infection.
The company did not release all the details, of course, and it remains unknown whether any data was stolen from the network, and if so, how much of it, and its nature and sensitivity. However, according to Singh, the power plant might not be the only target, although he also said that he could not disclose any information about the other attack(s).
What is known is that the malware in question is Dtrack, as named by Kaspersky, and that it was previously used against research centers and financial institutions. The malware supposedly also shares some elements with other malware known to be used by the North Korean state-sponsored hacking group, Lazarus.
Kaspersky’s data on the malware indicates that it is malicious software used for cyber espionage, reconnaissance, and keylogging, among other things. It likely did not give the hackers direct access to the power plant’s control networks, but its role may have been to establish a permanent presence in the network.
What do you think about the new security incident? Are you worried about the hackers’ potential influence on such companies? Tell us your thoughts in the comments below.