NEW DELHI – India has finally admitted that malware attributed to NorthKorea was found in its most powerful station, the Kudankulam Nuclear PowerPlant.
Officials at Kudankulam had initially denied that it was a victim of thecyber attack, as they said in a statement that it was ‘impossible’. Thestatement added that the control systems network is isolated from theplant’s administrative network.
However, after initially denying, government-run Nuclear Power Corporationof India Limited (NPCIL) has now confirmed that it identified malware inone of its computers last month. However, NPCIL said that its plant systemswere unaffected, Indian media reported.
“Identification of malware in NPCIL system is correct. The matter wasconveyed by CERT-In [India’s national computer emergency response team]when it was noticed by them on September 4, 2019,” NPCIL Associate DirectorA. K. Nema said.
Read Top Stories
He further said investigation reveals that the infected PC belonged to auser who was connected in the internet network used for administrativepurposes. “This is isolated from the critical internal network,” he added.
The malware, which has been identified by researchers as NorthKorea’s Dtrack, was reported by Pukhraj Singh – a cyber securityprofessional, to have gained ‘domain controller-level access’ atKudankulam. Dtrack is the same malware which was tied to North Korea’sLazarus threat group by researchers based on code shared with DarkSeoul.The malware attack wiped hard drives at South Korean media companies andbanks in 2013.
