Suspected North Korea hackers targeted Indian space agency

Via Financial Times

India’s space research agency was warned of a cyber attack in the middle of a landmark moon mission as part of a broader assault by suspected North Korean hackers, cyber security consultants with data on the incidents said.

The attack on the Indian Space Research Organisation (ISRO), whose much-hyped Chandrayaan-2 moon mission in September ended in failure, came as the country’s nuclear authority revealed last week a cyber attack at the Kudankulam nuclear plant in the southern state of Tamil Nadu.

The space research organisation was one of at least five critical government agencies, including India’s Atomic Energy Regulatory Board, to have been attacked in recent months, said Yash Kadakia, founder of Security Brigade, a Mumbai-based cyber security company.

People associated with the agencies opened phishing emails sent by the hackers, potentially unleashing malware into their systems.

ISRO confirmed that it had been warned of a cyber attack but said it had found nothing suspicious after an investigation. The Nuclear Power Corporation of India initially issued a similar denial following reports the Kudankulam plant had been hacked before clarifying that malware had entered one of its networks.

“Our systems were not compromised and our systems were not affected,” said an official at the space agency, adding that the moon mission itself had not been impacted.

The attacks will raise concern that suspected North Korean hackers are targeting the critical infrastructure of foreign countries to disrupt operations, steal technology or sell information.

Narendra Modi, India’s prime minister, has championed the country as an elite space power. But the Chandrayaan-2 mission, which was to be the first to land on the unexplored south pole of the moon, ended in failure about seven weeks after it was launched.

The ISRO official said its core systems were isolated from the attack. “We have an internal network which is 100 per cent isolated from the internet,” the official said.

Hackers have been hitting India’s atomic agencies since 2018, using phishing emails containing malware, said Simon Choi of Issuemakers Lab, a non-profit intelligence organisation based in Seoul that monitors North Korean hackers.

Mr Choi said he had data showing the emails had targeted senior members of the Indian nuclear energy industry, including Shiv Abhilash Bhardwaj, former chairman of the Atomic Energy Regulatory Board, and Anil Kakodkar, former director of the Atomic Energy Commission of India.

He added the attack on the Kudankulam nuclear power plant had also employed phishing emails.

Mr Bhardwaj was not immediately available for comment. Mr Kakodkar said he had only “read this from newspapers and I have no further information”.

The hack of Kudankulam nuclear power plant was publicly revealed last week © Adnan Abidi/Reuters

Mr Choi said: “A group known as DarkSeoul or Operation Troy, which hacked South Korea’s defence ministry and banks, actually penetrated into the nuclear power plant after another group known as Kimsuky did some surveillance and gathered information.

“The latest hacking events in India show that North Korea’s attention has shifted to key infrastructure facilities of other countries, and it shows that it can successfully penetrate them.”

But cyber security experts cautioned that attributing an attack to a particular actor can be fraught. One Asia-based cyber analyst who had reviewed the attack but did not want to be named said that while it was “unlikely”, the techniques used by the hackers could have been used by another actor to apportion blame to North Korea.

Mr Kadakia of Security Brigade said he had compiled a list of 13 recipients of phishing emails spanning at least five government agencies, including ISRO, after reviewing data from the server compromised by the hackers. Some of the phishing emails were sent to private Gmail accounts.

While Mr Kadakia said he could verify the officials were targeted and that they had opened the links potentially unleashing malware, he could not confirm if a virus infected other computers in the agencies.

“This is not really rocket science, it wasn’t really anything cutting edge, it was a phishing email, an unpatched browser and a lack of monitoring,” said Mr Kadakia. “They clicked the links and opened the malware.”

Sohn Young-dong, a defence expert at Hanyang University in Seoul, said Pyongyang might be using the attacks to seek nuclear technology to help overcome its own energy crisis. Equally, it could be aiming to “sell such information to countries like Iran”.

The US government’s Congressional Research Service has detailed that a 2014 attack on South Korea’s nuclear plant operator — attributed to North Korea by officials in Seoul — resulted in designs and manuals being published and that the “hackers intended to cause a malfunction at atomic reactors, but failed to break into their control system”.
