The Nuclear Power Corporation of India Ltd (NPCIL) on Wednesday (October 30) confirmed that malware had infected its system at the Kudankulam Nuclear Power Plant (KKNPP).
The associate director and appellate authority at NPCIL, A K Nema, confirmed in a statement that malware had been identified in the NPCIL system.
He further stated that the matter was conveyed to CERT-In (the Computer Emergency Response Team) when it was noticed by the plant. The matter was immediately investigated by Department of Atomic Energy (DAE) specialists, he added.
The investigation revealed that the infected computer belonged to a user who was connected to the local network used for administrative purposes, and the network traffic was being continuously monitored by the unauthorised user. However, Nema confirmed that the plant systems were not affected by this breach, as stated in the report.
The news first surfaced on Twitter on Monday, where the breach came to light after the VirusTotal website uploaded a data dump that seemed to point to a data breach in the KKNPP system, which was later identified as ‘Dtrack’ malware.
For those unaware, Dtrack is a virus used by North Korea-based hacker group Lazarus. It has been used in the past to attack financial and research centres in India, and its variant ATMDtrack was designed to hack ATMs in India.
Pukhraj Singh, a former security analyst for India’s National Technical Research Organisation (NTRO), pointed out that this breach is linked to a malware infection at the KKNPP on September 4, 2019. However, at the time, the KKNPP administration denied the claims.
India had the second-highest incidence of cybersecurity attacks between 2016 and 2018, according to a new Data Security Council of India (DSCI) report. Further, the average cost for a data breach in India has risen 7.9% since 2017, with the average cost per breached record amounting to INR 4,552 ($64).