According to a report, India’s largest nuclear power plant was allegedly hit lately by a piece of malware linked to North Korean hackers, but officials said control systems were not affected.
Reports suggested that a breach occurred at the Kudankulam Nuclear Power Plant located in the Indian state of Tamil Nadu after a Twitter user posted a VirusTotal link highlighting what seemed to be a taster of a lately revealed piece of malware named Dtrack.
The malware was arranged to use a hardcoded username and password blend that referenced KKNPP, the abbreviation for the Kudankulam Nuclear Power Plant.
Cybersecurity expert Pukhraj Singh reposted the tweet, saying that hackers had acquired domain controller-level access to the Kudankulam nuke plant and that other highly mission-critical targets had also been struck.
Singh said he had learned of the interruption at the Kudankulam plant from a third-party and he informed India’s National Cyber Security Coordinator on September 3, which purportedly recognized the issue.
Nevertheless, some Indian officials have firmly denied that any kind of breach occurred at the nuclear power plant. Conversely, a statement from the Nuclear Power Corporation of India confirms that a cyberattack targeted the plant, but emphasized that control systems are not linked to the local network or the internet. The India-based expert also confirmed that there was no sign of control systems being affected.
The nuclear plant underwent several interruptions, including one recently, but officials have reportedly said that no cyberattack caused the incident.
Researchers at Kaspersky lately exposed the Dtrack remote access trojan (RAT) while probing ATM attacks aimed at India, involving a piece of malware tracked as ATMDtrack. Analysis of the Dtrack code exposed parallels to an older campaign that had been associated to a North Korean threat actor known as Lazarus.