The Indian government-operated Nuclear Power Corporation of India Limited (NPCIL) has confirmed that its network was hacked. This confirmation comes just a day after NPCIL denied initial reports of a malware attack on its systems. As part of the confirmation, it revealed that malware made its way “on the administrative network” of the Kudankulam Nuclear Power Plant. Security researchers have linked the attack to the Dtrack malware. As part of the official announcement admitting the attack, AK Nema, Associate Director at NPCIL, also issued a statement. Nema added, “Identification of malware in NPCIL system is correct.”
Nuclear Power Corporation hack details
Nema also revealed that CERT-In (the Computer Emergency Response Team for India) had already issued a warning on September 4, 2019. A third party notified Pukhraj Singh, a senior cyber threat intelligence professional, about the attack. Singh conveyed the necessary information to the National Cyber Security Coordinator on September 3, 2019. Singh also shared more information about the attack, adding that the malware gave the attackers domain controller-level access at the nuclear power plant. He also revealed on his Twitter account that “mission-critical targets were hit”.
Going back to the report, Nema also stated that Department of Atomic Energy specialists investigated the matter. The investigation revealed that the infected system belonged to an Internet-connected network used for administrative work. The affected system was not connected to the critical internal network. Nema went on to state that the systems are being continuously monitored. Singh termed the attack a “casus belli”, which means an act or provocation for war. He later clarified by adding that the attackers also hit a second target to project strength. Singh had not revealed any information about the second target at the time of writing.
A report from Ars Technica clarified that Dtrack features elements similar to other malware. Past reports have linked the North Korean hacker group Lazarus with that other malware. Dtrack usually gathers information rather than attacking critical nuclear power plant functions. This also likely means that North Korea conducted the attacks.