India’s largest nuclear plant, the Kudankulam Nuclear Power Plant, suffered a partial cyber-attack in early September, details of which became public last week.
The news of the attack became public after a sample uploaded to VirusTotal, the online malware-scanning service, suggested that a large dump of data had been stolen from the plant.
While no physical symptoms or impacts from the attack are being seen right now, the attack is still alarming for what it suggests about the preparedness of India’s cybersecurity.
While the VirusTotal upload made it public, the incident was first flagged by the well-known cybersecurity professional Pukhraj Singh, who says he informed the Indian authorities. Singh, who previously worked for the National Technical Research Organisation, said he notified the relevant Indian government authorities on 3 September.
After the VirusTotal revelation, the Nuclear Power Corporation of India Limited (NPCIL), the Department of Atomic Energy undertaking that operates the plant, dismissed the reports as social media rumours on 28 October. However, subsequent reports alleging more appear to have persuaded NPCIL to acknowledge that a breach had occurred.
In its statement admitting the attack, NPCIL said it stemmed from an infected computer connected to the plant’s administrative network.
While that may be true, Singh, who raised the initial flag, said that multiple critical systems had been hit during the attack.
So, it's public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit. https://t.co/rFaTeOsZrw pic.twitter.com/OMVvMwizSi
— Pukhraj Singh (@RungRage) October 28, 2019
Moreover, he said that it appeared to be a domain controller-level attack. A domain controller is the server that authenticates every user and computer in a Windows domain (in this case the plant’s network) and enforces the domain’s access policy, so an attacker who controls it can issue credentials for, and log on to, any machine that trusts that domain.
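Because the domain controller authenticates everything else, compromise of it shows up in the domain controller’s own Security log: privileged logon sessions that originate from hosts where administrators never work, and directory-replication reads (the DCSync technique) by accounts that are not domain controllers. The following detection logic is an added example and is not code from the article, from NPCIL or from any investigation of this incident. The event field names follow the real Windows Security log schema and the replication-right GUIDs are the real ones; the host names, IP addresses, account names, logon IDs and the admin jump-host allowlist are constructed for illustration.

```python
"""Flag two signs of domain-controller-level compromise in Windows Security
events (added example; sample events below are constructed, not real logs)."""

# Extended-right GUIDs that permit directory replication. A 4662 event showing
# a non-DC account exercising them is the classic DCSync signature. (Real GUIDs.)
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
}

# Assumptions for this example: which hosts are domain controllers, and the only
# source addresses from which privileged logons to them are expected.
DOMAIN_CONTROLLERS = {"DC01", "DC02"}
ADMIN_JUMP_HOSTS = {"10.0.0.5"}

# Constructed sample events, shaped like parsed EVTX records.
SAMPLE_EVENTS = [
    # Expected: an admin logs on to DC01 from the jump host and gets admin rights.
    {"EventID": 4624, "Computer": "DC01", "EventData": {
        "TargetUserName": "admin.jane", "LogonType": "3",
        "IpAddress": "10.0.0.5", "TargetLogonId": "0x3e7a1"}},
    {"EventID": 4672, "Computer": "DC01", "EventData": {
        "SubjectUserName": "admin.jane", "SubjectLogonId": "0x3e7a1"}},
    # Suspicious: a service account gets admin rights on DC01 from an ordinary
    # workstation subnet, then reads replication rights (DCSync).
    {"EventID": 4624, "Computer": "DC01", "EventData": {
        "TargetUserName": "svc-backup", "LogonType": "3",
        "IpAddress": "10.0.12.77", "TargetLogonId": "0x41b22"}},
    {"EventID": 4672, "Computer": "DC01", "EventData": {
        "SubjectUserName": "svc-backup", "SubjectLogonId": "0x41b22"}},
    {"EventID": 4662, "Computer": "DC01", "EventData": {
        "SubjectUserName": "svc-backup", "AccessMask": "0x100",
        "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} "
                      "{19195a5b-6da0-11d0-afd3-00c04fd930c9}"}},
    # Benign: another domain controller replicating, as DCs normally do.
    {"EventID": 4662, "Computer": "DC01", "EventData": {
        "SubjectUserName": "DC02$", "AccessMask": "0x100",
        "Properties": "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"}},
]


def _is_dc_machine_account(user):
    """Machine accounts end in '$'; only DC machine accounts may replicate."""
    return user.endswith("$") and user[:-1].upper() in DOMAIN_CONTROLLERS


def unexpected_privileged_logons(events):
    """Pair each 4672 (special privileges assigned) on a DC with the 4624 logon
    that opened the same session, and return (user, source_ip) for sessions
    that did not originate from an admin jump host."""
    session_source = {}
    for e in events:
        if e["EventID"] == 4624 and e["Computer"] in DOMAIN_CONTROLLERS:
            d = e["EventData"]
            session_source[(e["Computer"], d["TargetLogonId"])] = (
                d["TargetUserName"], d["IpAddress"])
    hits = []
    for e in events:
        if e["EventID"] == 4672 and e["Computer"] in DOMAIN_CONTROLLERS:
            d = e["EventData"]
            src = session_source.get((e["Computer"], d["SubjectLogonId"]))
            if src and src[1] not in ADMIN_JUMP_HOSTS:
                hits.append(src)
    return hits


def dcsync_attempts(events):
    """Return accounts that exercised a replication right (4662 on a DC) without
    being a domain controller's own machine account."""
    hits = []
    for e in events:
        if e["EventID"] != 4662 or e["Computer"] not in DOMAIN_CONTROLLERS:
            continue
        d = e["EventData"]
        props = d.get("Properties", "").lower()
        if any(guid in props for guid in REPLICATION_RIGHTS) \
                and not _is_dc_machine_account(d["SubjectUserName"]):
            hits.append(d["SubjectUserName"])
    return hits


def analyze(events):
    """Run both rules and return their findings keyed by rule name."""
    return {
        "unexpected_privileged_logons": unexpected_privileged_logons(events),
        "dcsync_attempts": dcsync_attempts(events),
    }


if __name__ == "__main__":
    for rule, findings in analyze(SAMPLE_EVENTS).items():
        print(f"{rule}: {findings}")
```

On the constructed sample, the admin session from the jump host is accepted, while the service account is reported by both rules: it obtained administrative privileges on the domain controller from a workstation address and then read replication data, which is exactly what an attacker with domain controller-level access does to pull every account’s password hashes. The second rule deliberately whitelists only DC machine accounts rather than any account with replication rights, because an attacker who has reached the domain controller can grant those rights to an account of their choosing.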
The nature of the attack prompted multiple cyber-security experts to suspect that the infecting malware could have been DTrack, malware notorious for an earlier series of ATM attacks and associated with the activities of the North Korean cyber-attack group Lazarus, which is now the prime suspect for this attack.
Despite causing no physical damage, the attack raises alarm because it exposes how technologically vulnerable Indian nuclear facilities could be. It also doesn’t help that military and civil nuclear facilities are ultimately overseen by the same authority.