Nuclear Reactors 730 - The Kudankulam Nuclear Power Plant in India Was Attacked By A North Korean Computer Virus

     Pukhraj Singh is a former analyst at India’s National Technical Research Organization (NTRO). In a report, he connected a malware report published by VirusTotal to a cyberattack on the computers at the Kudankulam Nuclear Power Plant (KNPP). Singh says that a North Korean virus called Dtrack managed to achieve “domain-controller level access” at Kudankulam. His findings have been reported to the Indian government.
    It does not appear that the attack affected any of the controls for the reactors, but research and technical data may have been stolen. It seems that the target of the attack was a collection of technical information. The malware, which collected targeted files, used a Windows SMB network drive share with credentials hard-coded in the malware itself. Dtrack was connected to North Korea’s Lazarus threat group because similar code was found in DarkSeoul, a malware attack that erased hard drives at South Korean banks and media groups in 2013.
     Singh mentioned the attack in a September 7th tweet. He wrote, "I just witnessed a casus belli in the Indian cyberspace and it sucks at every level." He admitted that he learned of the attack from "a third party." Singh presented the information to India's National Cyber Security Coordinator on September 4. The third party Singh mentioned had shared indicators of compromise "over the preceding days." The virus tracking organization Kaspersky identified the virus as Dtrack after Singh reported it.
    Officials at Kudankulam have stated that the computers that actually run the reactor are isolated from the administrative computers and are immune to cyberattack. They have not said what valuable information may have been stolen from the administrative computers. Kudankulam issued a press release in which the training superintendent and information officer for the KNPP said that the plant “and other Indian Nuclear Power Plants Control Systems are standalone and not connected to outside cyber network and the Internet... Any Cyber attack on the Nuclear Power Plant Control System is not possible.” The officials at the plant claimed that the two reactors at the plant are currently up and running "without any operational or safety concerns."
    KNPP is the biggest nuclear power plant in India. Controversy has bedeviled the plant since construction started in 2002. Local activists, including fishermen, managed to delay the activation of KNPP by a decade. There are plans for KNPP to collaborate with the Russian Atomstroyexport in the construction and operation of a total of six nuclear power reactors, but for the present there are only two operating reactors at KNPP. There have been many reports of safety violations at the plant. The plant has no offsite spent nuclear fuel storage facility. There was a court battle over whether or not the plant should be allowed to operate until such a facility had been constructed.
     The reactors at KNPP have been shut down seventy times since they were turned on in 2013. On October 19 of this year, the second reactor at KNPP was shut down because there was a fault in the reactor’s steam generation. The officials claim that the shutdown was not related to the Dtrack virus.