Kudankulam N-plant was hit by malware, says nuclear power corp

NPCIL authorities said the malware attack was conveyed to them by the Computer Emergency Response Team. Photo: PTI File.

A day after denying claims of cyber-attack at the Kudankulam Nuclear Plant, the Nuclear Power Corporation of India Limited (NPCIL) on Wednesday (October 30) said that the strategic nuclear facility was attacked by a malware.

In a statement released on Wednesday, NPCIL authorities said the malware attack was conveyed to them by the Computer Emergency Response Team (CERT), on September 4, 2019.

“The matter was immediately investigated by Department of Atomic Energy (DAE) specialists. Investigation revealed that the infected computer belonged to a user who was logged in to the network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored,” a statement from NPCIL read.

According to the sources, soon after the matter was notified, a team of experts visited the plant in the late September. “It was found that there was a cyber-attack. But, it did affect only systems used for administrative purpose,” sources said.

Meanwhile, power generation in Kudankulam was stopped in mid-October. “However, it has nothing to do with the cyber-attack,” sources added.

On Tuesday (October 29) social media was abuzz claiming cyber-attack on the nuclear plant. Soon after the topic went viral, officials issued a clarification on Tuesday denying the claims.

“The Kudankulam Nuclear Power Project and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and internet. Any cyber-attack on the Nuclear Power Plant Control System is not possible,” read a statement from the NPCIL on Tuesday.

The issue was pointed out on social media by cyber security expert Pukhraj Singh, who higlighted a report by VirusTotal.com, an independent website that tracks of viruses, about a malware attack at a Kudankulam administrator system.

Pukhraj tweeted that the government was notified way back. “Extremely mission-critical targets were hit,” he tweeted. He also tweeted that the intrusion was made by a third party. “A third party did. I notified the national cyber security coordinator on September 3,” he tweeted.

The report from the VirusTotal referred to a malware called ‘Dtrack’. The malware was first found by cybersecurity firm Kaspersky in September 23. They had said that they discovered Dtrack previously in Indian Financial Institutions and Research Centers.

The cyber-attack has triggered apprehension among the people here. Congress MP Sashi Tharoor sought an explanation from the government.

“This seems very serious. If a hostile power is able to conduct a cyber-attack on our nuclear facilities, the implication for India’s national security are unimaginable. The Government owes us an explanation,” Tharoor tweeted.