Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
News18 » Tech
3-min read

Cyber Attack on Kudankulam Nuclear Plant Did Happen, Systems Not Affected: NPCIL

The admission of the Dtrack attack on India's largest nuclear power plant comes a day after KKNPP issued a statement strongly denying these claims.

Shouvik Das | News18.com@distantvicinity

Updated:October 30, 2019, 4:08 PM IST
facebookTwitter Pocket whatsapp
The Kudankulam Nuclear Power Plant in Tirunelveli, Tamil Nadu.
The Kudankulam Nuclear Power Plant in Tirunelveli, Tamil Nadu.

The Nuclear Power Corporation of India Limtied (NPCIL) has issued a statement admitting that the claims of a malware attack on the Kudankulam Nuclear Power Plant (KKNPP) is true. The admission was issued earlier today by A.K Nema, associate director of NPCIL, who said, "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019."

Nema further stated, "The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored." Additionally, he confirmed that the plant systems are not affected.

The admission from the governing body comes a day after R. Ramdoss, training superintendent and information officer at KKNPP, issued a statement that categorically denied any instance of cyber attacks on India's largest nuclear power plant. The statement said, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet. Any cyber attack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600MWe respectively, without any operational or safety concerns."

Word regarding the cyber attack on the KKNPP network was put forth by cyber security researcher Pukhraj Singh, who was notified about the attack by an undisclosed independent party. Subsequently, the attack was reported to India's national cyber security coordinator, Lt. Gen. (Retd.) Rajesh Pant, on September 3. The matter was acknowledged by the governing body a day later, which has now been confirmed via NPCIL's statement from earlier today. Interestingly, the indicators of compromise in the attack was then found to be the Dtrack malware, which has been picking up pace in India, affecting enterprise networks and ATMs.

Believed to be produced by the Lazarus APT (advanced persistent threat) group, Dtrack is said to be specifically targeting India across various industries, with the KKNPP attack possibly the most critical so far. While Kaspersky has spoken at length about the rise of the Dtrack malware in India of late, Citi's head of threat intelligence, Kevin Perlow, took to Twitter to reveal what he stated was the Dtrack malware's data payload scraped from the KKNPP cyber attack. While News18 could not independently verify the presence of the Dtrack malware in the KKNPP system, NPCIL has admitted that the malware attacked a system connected to the administrative network, hence leaving open the possibility of the malware gaining unauthorised admin privileges, and subsequently, scrolling sensitive information from concerned networks.

However, Konstantin Zykov, senior security researcher at Kaspersky and the man behind discovering the Dtrack attacks in India, said that Kaspersky could not independently verify if the nuclear plant was among Dtrack's target list. Zykov stated to News18, "In our research, there were no confirmations of any cyber incident involving any nuclear power plant in India. We are not able to comment further on this matter as we have already published all our findings about Dtrack on Securelist."

Questions sent by News18 to the Department of Atomic Energy and the NPCIL regarding the severity of compromised information as a result of the breach remained unanswered at the time of publishing. More details and public disclosure of any severe compromise remain awaited.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: ---
Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results