The Lede
www.thelede.in

India Confirms N-Plant Cyber Attack, But Mum On Attacker

Evidence points to North Korean hackers but India chooses to remain silent

Rejimon Kuttappan

Only an administrative network of Kudankulam Nuclear Power Plant (KKNPP) was hit by malware infection, a document tabled on Wednesday in parliament reveals.

However, the document laid on the table by the Ministry of Atomic Energy under the Prime Minister’s office does not reveal who is behind the attack and what their aim was.

It remains mum on whether the attackers were North Korean hackers as claimed by global malware experts.

Confirming that there was a malware infection at KKNPP, the largest nuclear plant in India, Minister of State Dr Jitendra Singh said that a malware infection had been identified on the KKNPP network used for day-to-day administrative activities.

“The affected system contains data related to administrative function. Plant control and instrumentation system is not connected to any external network such as Intranet, Internet and administrative system,” he said.

The minister also clarified that there was a reliable mechanism of cyber security for nuclear plants and the critical internal networks were adequately secured.

Assuring the security of the plant, the minister further said, “It is not possible to access the KKNPP.”

Denial Mode

On October 28, there were claims made on Twitter that KKNPP had been subjected to a cyber attack.

Security researcher Pukhraj Singh in India, who has been reporting on the issue, said on Twitter: “So, it’s public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.”

However, on October 29, KKNPP Site Director Sanjay Kumar had said that the totally isolated network of KKNPP could not be accessed by any outside network from any part of the globe.

KKNPP official R Ramdoss also said that claims on social media about cyber attacks were false.

He clarified that KKNPP and the other nuclear power plants' control systems were 'standalone' and not connected to any cyber networks outside or the internet.

But on October 30, confirming the attack in a statement, NPCIL said the attack was noticed on September 04 by the CERT-In (Indian Computer Emergency Response Team).

CERT-In is a national agency for responding to cybersecurity incidents.

Hiding Facts?

Meanwhile, by giving a written reply in parliament, for the first time, the prime minister’s office has confirmed the malware attack.

However, the PMO has not revealed who was behind the malware attack or what its aim was.

After speculation that the malware attack on KKNPP originated in North Korea, an expert group of South Korean malware analysts shared evidence and analysis on November 01 to corroborate the claims.

On October 31 itself, IssueMakersLab, a non-profit intelligence organisation researching North Korea's cyber warfare capabilities since 2008, revealed that the North Korean malware used in the attack on India's nuclear power plant had infiltrated the South Korean military's internal network in 2016 and stolen classified information.

“And they once destroyed South Korean broadcasting stations and banking systems in 2013,” the Lab said, confirming that North Korea has been interested in thorium-based nuclear power.

India is a leader in thorium nuclear power technology.

Data Theft?

“Since last year, North Korean hackers have continuously attempted to attack to obtain that information,” the Lab said, revealing that in April itself it had confirmed that North Korea's Kimsuky Group had attempted to steal information on the latest design of the Advanced Heavy Water Reactor, an Indian design for a next-generation nuclear reactor that burns thorium in its fuel core.

Additionally, the Lab revealed that the North Korean hackers have attacked many Indian nuclear physicists and experts.

“The North Korean hackers launched spear-phishing attacks on India's nuclear energy-related experts by disguising them as employees of India's nuclear energy organisations such as AERB and BARC. They continued their attack for about two years,” the Lab said.

“Also, the DPRK hackers sent email containing malware to the former chairman of the Atomic Energy Regulatory Board (AERB) of India. And he was the Technical Director of NPCIL. He's an expert on the AHWR reactor (thorium-based),” the Lab added.

North Korean Hackers?

According to the Lab, some of the malware made by North Korea to attack India was based on the example source code of the South Korean book 열혈강의 Visual C++ 2008 MFC 윈도우 프로그래밍 (Windows Programming).

The Lab had also confirmed that one of the hackers who attacked India's nuclear energy sector is using a North Korean self-branded computer produced and used only in North Korea.

“The IP used by one of the hackers was from Pyongyang, North Korea. This is more valuable than malware,” the Lab added.

The Rs 13,171 crore Kudankulam nuclear plant project consists of two units of an advanced model of the Russian VVER-1000 MW Pressurised Water Reactor, which is a leading type of reactor worldwide.

The design has evolved from the serial design of the VVER plant, of which 15 units have been in operation for the last 25 years.