India has confirmed its newest nuclear power plant was the victim of a cyber attack, exposing the vulnerability of one of the country’s most critical sectors to cyber espionage.
The Kudankulam nuclear power plant was hacked using data-extraction malware linked to the Lazarus Group, cyber experts said. The group is known to have ties to two North Korean-backed groups.
The Nuclear Power Corporation of India Limited confirmed on Wednesday that malware had been identified in the system but said that it was “isolated from the critical internal network”. Its assessment is disputed by cyber security experts who say critical information was compromised.
NPCIL operates 22 commercial nuclear power reactors in the nation with a capacity of 6,780MW, according to the corporation.
News of the hack first surfaced when VirusTotal, a virus scanner site owned by Google parent Alphabet, flagged a data dump related to the India malware.
Indian security officials have known about the hack since September, according to Pukhraj Singh, a private cyber security consultant who used to work at the National Technical Research Organisation, India’s equivalent to the US National Security Agency. He said he alerted the government himself after receiving a tip about the virus.
“The attackers gained a very privileged vantage point in the network,” said Mr Singh. “This should be a wake-up call for India and that’s an understatement.”
The Nuclear Power Corporation of India and the National Cyber Security co-ordinator did not respond to requests for comment.
Critics argue New Delhi is struggling to modernise its cyber security policies despite Prime Minister Narendra Modi’s “Digital India” initiative aimed at bringing millions of Indians online.
“With NPCIL confirming the cyber attack on Kudankulam, the National Cyber Security co-ordinator (NCSC) and NSA must address public concerns about this dangerous intrusion on India’s critical infrastructure,” tweeted Indian MP Shashi Tharoor. “Why has it taken so long for the government to create and fortify India’s cyber capabilities in order to punish, deter and repel such attacks?”
The attack on the nuclear plant was conducted with malware known as DTrack, cyber experts say, which was used in 2016 to steal the financial data of millions of Indians. The virus targeted Hitachi Payments Services, a private operator running ATMs and point-of-sale devices across the country.
Cybersecurity firm Kaspersky said DTrack had “similarities with the DarkSeoul campaign”, a cyber espionage campaign against South Korean banks and media companies dating back to 2013 and attributed to the Lazarus Group.
An August UN report said that North Korea’s “widespread and increasingly sophisticated” cyber actors — many of whom operate under direct government control — had netted as much as $2bn for the country’s weapons of mass destruction programme.
North Korean hackers have been blamed for the 2014 Sony Pictures hack and for the global WannaCry attack three years later. They have also been accused of conducting a series of bank heists, and more recently, much smaller, higher frequency raids on stores of cryptocurrency.