#Privacy: North Korean malware strikes Indian nuclear power plant

Kudankulam Nuclear Power Plant (KKNPP) has been infected by a malware created by North Korea’s state-sponsored hackers. 

The Nuclear Power Corporation of India Ltd (NPCIL) has confirmed that one of the computers at KKNPP had been hit by malware.

News of the attack began circulating on social media, to which KKNPP initially denied stating that an attack on the plant was “not possible.” However, in a letter dated Wednesday the Indian power plant confirmed that the original reports were correct. 

The letter states: “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.”

Following an investigation it was revealed that a computer, which was connected to the Internet and was being used only for administrative purposes, had been infected by malware. 

Kaspersky identified the malware as DTrack, a backdoor trojan linked to the Korean hacking group “Lazarus Group”. According to Kaspersky, the group are utilising DTrack to also attack financial institutions in India. As of yet, over 180 samples of the malware has been identified. 

Pukhraj Singh, an independent Indian security researcher who spotted the threat, alerted the authorities about the breach. Singh explained that it wasn’t a trivial matter and did not want to cause any panic:

 “A domain controller, which authenticates and authorises resources in a centralised manner, generally sits on the administrative IT network. The Operational Technology network is generally air-gapped, as it’s most critical. I was merely pointing out that the administrative IT network seems to be compromised. It doesn’t necessarily imply the reactor’s control systems were impacted.”

It is unknown as to what the attackers goal were, however Singh tweeted about a “casus belli in the Indian cyberspace.” Singh later clarified that the tweet referred to a second unknown target. 

On Monday, VirusTotal uploaded a data dump which points to the breach in KKNPP. 

DMK president M.K. Stalin commented about his concern over the lack of efficient safety measures at nuclear facilities:

“The cyberattack on NPCIL facilities is shocking and reveals the lack of adequate safety measures. The Union Government must conduct a thorough enquiry into the lapses. The National Cyber Security Coordinator owes an explanation on the preparedness of such facilities.”

This isn’t the first time a power plan has been a victim of a cyber-attack. Last year, hackers targeted a petrochemical power plant in Saudi Arabia with the aim of triggering an explosion.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/