Nuclear Power Corporation of India Limited admits identification of malware in its system

“Identification of malware in NPCIL system is correct. The matter was conveyed by Indian Computer Emergency Response Team (CERT-In) when it was noticed by them on September 4, 2019,” the NPCIL said in a statement in its website, without mentioning the Kudankulam Nuclear Power Plant (KKNPP), whose system was reportedly targeted by the hackers.

The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored.

''Investigation also confirms that the plant systems are not affected,'' the NPCIL claimed.

The clarification came from the NPCIL, a day after blanket denial by KKNPP officials over the tweet of Pukhraj Singh, an independent expert on cyber security, that domain controller-level access at the KKNPP plant had been breached and the extremely mission-critical targets were hit.
R Ramdoss, Training Superintendent and Information Officer of KKNPP said on Tuesday that some false information is being propagated on the social media platform, electronic and print media with reference to the cyber attack on KKNPP.

KKNPP and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and Internet.
''Any cyber attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP Unit 1 and 2 are operating at 1,000 MWe and 600 MWe, respectively without any operational or safety concerns,'' he said.

Pukhraj Singh tweeted that “I did not discover the intrusion (malware), a 3rd party did. It contacted me and I notified the National Cyber Security Coordinator on 4th September. The third party then shared the indicators of compromise (IoCs) with the NCSC’s office over the proceeding days. Kaspersky reported it (malware) later, called it DTrack.''

Dtrack was a malware developed by North Korean hackers. It was the same malware which in 2013 wiped hard drives at South Korean media companies and banks.

The KKNPP -- India’s largest civil nuclear power project was envisaged to have six units with total capacity to generate 6,000 MWe of power.
While the Unit 1 and Unit 2 were commissioned in 2013 and 2016 respectively, the construction of Units 3 and 4 was progressing. The construction of Units 5 and 6 were expected to begin next year.