Amid news of serious cyber security threats raising suspicions of state-sponsored espionage against Indian institutions and individuals, a report now reveals that it was not only the Kudankulam Nuclear Power Project (KKNPP) of the Nuclear Power Corporation of India Limited (NPCIL) that was alerted to a possible spyware breach: the Indian Space Research Organisation (ISRO) was, too.
According to an Indian Express report, the National Cyber Coordination Centre, a classified project set up to generate situational awareness of existing and potential cyber security threats, received intelligence from a US-based cybersecurity firm that a ‘threat actor’ had breached and intercepted the “domain controllers” at KKNPP and at ISRO.
The spyware was later identified as ‘Dtrack’, which is designed to steal data and to give the attacker, the ‘threat actor’, complete control over infected devices by exposing their credentials and passwords.
Both NPCIL and ISRO were alerted on September 4, the report said.
On October 30, a day after KKNPP denied any hacking of its control system, the Nuclear Power Corporation of India Limited (NPCIL) confirmed the presence of malware on one of its computers. The nuclear corporation added, however, that the “systems are not affected” by the cyberattack. The breach at the Kudankulam plant became public on October 28 after some of the plant’s data showed up on virustotal.com, an online malware scanning service.
In a statement, NPCIL admitted there had been an infection “in the internet connected network used for administrative purposes” and that “the matter was immediately investigated by DAE specialists”, but added that the “investigation also confirms that the plant systems are not affected.”
But there has been no word from ISRO so far.
However, the Express report quoted sources as confirming that a multi-action team at ISRO swung into action soon after the alert was received, about 100 hours ahead of the landing attempt of its ambitious Chandrayaan 2 lunar mission, which subsequently failed.
After the breach at Kudankulam became public last week, IssueMakersLab, a Seoul-based non-profit group of malware analysts, claimed to have identified the malware as the same one used to infiltrate the South Korean military’s internal network in 2016.
Two days later, the organisation posted on Twitter an image “of the history of malware used by the North Korean hacker group B that hacked the Kudankulam” plant. It showed a 16-digit password used to “compress a list of files on an infected PC”, as well as an MBR (master boot record) wiper version of the malware.