Malware Found on Network of Kudankulam Nuclear Power Plant
Malware has been found on the administrative network of the Kudankulam Nuclear Power Plant (KNPP) in India.
Kaspersky Labs has identified the malware as Dtrack, a tool that has been used by the North Korean state hacking group Lazarus Group, which was sanctioned by the US Treasury in September this year.
In a statement released on October 30, the Nuclear Power Corporation of India Limited (NPCIL) said: "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [India's national computer emergency response team] when it was noticed by them on September 4, 2019. The matter was immediately investigated by [India Department of Atomic Energy] specialists. The investigation revealed that the infected PC belonged to a user who was connected to the Internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. Investigation also confirms that the plant systems are not affected."
September 4 is the same date NPCIL was notified of the attack by Indian cybersecurity professional Pukhraj Singh, who learned of the attack from a third party. Three days after notifying NPCIL, Singh tweeted: "I just witnessed a casus belli in Indian cyberspace and it sucks at every level." (casus belli: an act or event that provokes or is used to justify war)
In reference to his "casus belli" quote, Singh told Ars Technica he used the term "because of the second target, which I can't disclose as of now."
It's unknown if data was stolen from the KNPP network during the attack.