India’s largest nuclear power station, Kudankulam Nuclear Power Plant was hit with a cyber-attack earlier this year. Initially, the Kudankulam Nuclear Power Project has denied the cyber-attack that took place.
The news circle’s on twitter for the last couple of days after the security researcher Pukhraj Singh notified about the incident that took place.
Pukhraj Singh said that “Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.” He also added that he notified the incident to National Cyber Security Coordinator( NCSC) on Sep 4.
The intrusion was detected by a third-party cybersecurity company and the company contacted Pukhraj Singh who notified the incident to NCSC and the IoCs shared by the third-party cybersecurity company to NCSC.
On September 23, Kaspersky reported about the DTrack spy malware, the malware attributed to Lazarus hacker group from North Korea.
The Kudankulam Nuclear Power Plant officials denied the attack initially saying some false information being circulated.
Training Superintendent and Information officer of Kudankulam Nuclear Power Plant (KKNP) said that the power station network was not connected to the Internet, so the cyberattack is not possible.
According to the notice from KKNP, on 29/10/2019, states that “This is to clarify Kudankulam Nuclear Power Plant(KNPP) and other Indian Power Plant Control Systems are stand-alone and not connected to outside cyber network and internet. Any cyber-attack on the Nuclear Power Plant Control System is not possible,”
The report is almost correct, Pankaj tweeted about the compromise of the domain controller and not the Industrial control system.
Domain controller (DC) – It is the server that handles security authentication requests within a Windows domain network.
Industrial control system (ICS)- Integration of hardware and software to support critical infrastructure.
Dtrack malware designed to spy on the victim machines, it includes following payload executables to extract sensitive information from the infected machines.
The malware also includes additional modules that allow an attacker to gain remote access to the system and can upload/download or execute files.
The Dtrack malware attributed to infamous North Korean state-sponsored Lazarus Group hacking known for conducting large scale attacks targeting government, military, financial, manufacturing, publishing, media, entertainment, and international shipping companies, as well as critical infrastructure.
Here is the Dtrack data collection break down.
Congress MP Shashi Tharoor demanded an explanation from the government on Twitter: “This seems very serious. If a hostile power can conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable. The Government owes us an explanation.”
Initially, it was denied, but some senior officials said that an internal audit confirmed that an incident occurred a d the hackers gained access to the plant’s administrative network.
NPCIL released a statement yesterday confirming the cyber attack and the infected computer belongs to the user who connected to the Internet of administrative purposes.
The report also confirms that the attack limited within the administrative network and the critical systems are air-gapped that are isolated from the administrative networks.
“Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.”
By compromising the IT infrastructure attackers may try to penetrate to the other computer connected within the network and to steal information such as access controls, safety measures, and other details.
Nowadays Cybersecurity is a vital part of the process and infrastructure industry operations. From the past few years, cyber-attack tactics have increased and massive data is being grabbed and misused by many black hat people across many industries.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…