Did the Kudankulam Nuclear Power Project (KKNPP) in Tamil Nadu face a cyber-attack from hackers based in North Korea? KKNPP officials, in a press statement, have strongly denied that any such cyberattack took place. This came after several users on Twitter claimed that a data dump on a virus-tracking website suggested that the infamous North Korean hacker group Lazarus could have gained administrative access to some of the computers at KKNPP.
The tweets by the Twitter user @a_tweet_user on October 28 pointed towards data dumps made on VirusTotal, a website that aggregates malware samples and scan results from systems worldwide. A data dump generally refers to a large volume of data moved from one system to another.
Among the data dumped on the website, cyber security researchers found the username "KKNPP\\administrator". KKNPP, they claimed, referred to a computer or computers at the nuclear power plant. This particular system was attacked using a variant of the virus 'DTRACK', claimed to have been developed by Lazarus.
R Ramdoss, the Training Superintendent and Information Officer at Kudankulam Nuclear Power Project, denied that any such attack had taken place.
He said, "The tweets and all those allegations are baseless. The software in all nuclear power plants in the country is an independent one and not tied to any external network. It is false propaganda. Both power plants are running now and generating power."
In a press statement, KKNPP officials stated, "This is to clarify Kudankulam Nuclear Power Project (KKNPP) and other Indian Nuclear Power Plants Control Systems are stand-alone and not connected to outside cyber network and Internet. Any cyberattack on the Nuclear Power Plant Control System is not possible. Presently, KKNPP Unit-1 and 2 are operating at 1000 MWe and 600 MWe respectively without any operational or safety concerns."
On October 19, the second nuclear power unit at KKNPP had stopped power generation at 12:30 am. Generation was reportedly halted because of low steam generation. KKNPP mentioned that both plants were running, to rule out any conjecture.
The threat of a potential cyber-attack on Indian cyberspace was first pointed out by the Indian Twitter user Pukhraj Singh. Shortly after the KKNPP press release, the techie tweeted, "Seeing KKNPP's press release, I would like to add that I notified Lt Gen Rajesh Pant (National Cyber Security Coordinator) on Sep 4. Follow-up emails were exchanged, acknowledging the issue. I would solicit no further enquiries on the matter, requesting privacy."
Those working in the domain of cyber-security say the DTRACK virus, claimed to have been developed by the Lazarus hacker group, was mostly used to steal information about a computer and the network it is connected to. The virus can also give its creator administrative control of the infected system and could also be used as ransomware.
Though KKNPP has ruled out any interference, Surya, a user interface developer for applications and software based out of Tamil Nadu, points out that it is wiser to be cautious. He agrees that the main nuclear reaction functions are offline systems that are not connected to the internet. "If other sections of the power plant, the generator, the turbines are connected to the network, it is a serious thing if someone gets inside a secure network."
The techie pointed out that the virus, when it infects a computer, can extract information such as the networks it is connected to, and can log keystrokes (what one types on the keyboard), thereby capturing passwords. The virus can also collect information on the processes running in the system, the browsing history, and the software installed on the computer's drives. Apart from network information, it would also collect the IP information, the local networks that are connected, and the MAC address, which is unique to each system.
Surya warns that hackers sell such information to interested countries. "Whenever power plant-related information is shared in the public domain, it is never detailed. The hackers will just say that they have shut down a component or that they have stopped operations. The DTRACK can also give administrative controls to the person who has created the virus in North Korea," he says.
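The dispute above turns on whether plant systems are really stand-alone, and on what an infected machine inside the perimeter could reach. One routine check a defender runs to substantiate an "isolated" claim is to audit each host's interfaces and routing table against the ranges that are supposed to be air-gapped. The script below is an added example written for this article, not code from KKNPP, the researchers, or any tool named above; the host inventory, the MAC addresses and the allowed range 10.40.0.0/16 are constructed, hypothetical values, and the inventory format is an assumption.

```python
import ipaddress

# Constructed sample inventory for one workstation on a plant segment
# (hypothetical hostname, addresses, MACs and routes; not real data).
SAMPLE_HOST = {
    "hostname": "eng-ws-01",
    "interfaces": [
        {"name": "eth0", "ip": "10.40.12.17", "mac": "00:1a:2b:3c:4d:5e"},
        {"name": "eth1", "ip": "192.168.1.5", "mac": "00:1a:2b:3c:4d:5f"},
    ],
    "routes": [
        {"dest": "10.40.12.0/24", "via": None, "dev": "eth0"},
        {"dest": "0.0.0.0/0", "via": "192.168.1.1", "dev": "eth1"},
    ],
}

# Assumed allow-list: the only address space an isolated host may touch.
ISOLATED_RANGES = [ipaddress.ip_network("10.40.0.0/16")]


def audit_isolation(host, isolated_ranges=ISOLATED_RANGES):
    """Return human-readable findings for every way the host breaks isolation.

    An empty list means every interface address and every route stays
    inside the allowed ranges and no default route exists.
    """
    findings = []
    for iface in host["interfaces"]:
        addr = ipaddress.ip_address(iface["ip"])
        if not any(addr in net for net in isolated_ranges):
            findings.append(
                f"{iface['name']} has address {addr} outside isolated ranges"
            )
        if addr.is_global:
            findings.append(f"{iface['name']} has public address {addr}")
    for route in host["routes"]:
        dest = ipaddress.ip_network(route["dest"], strict=False)
        if dest.prefixlen == 0:
            # A default route means traffic to anywhere can leave the host.
            findings.append(
                f"default route via {route['via']} on {route['dev']}"
            )
        elif not any(dest.subnet_of(net) for net in isolated_ranges):
            findings.append(f"route to {dest} leaves isolated ranges")
    return findings


def is_isolated(host, isolated_ranges=ISOLATED_RANGES):
    """True when the audit produces no findings."""
    return not audit_isolation(host, isolated_ranges)


if __name__ == "__main__":
    for line in audit_isolation(SAMPLE_HOST):
        print(f"{SAMPLE_HOST['hostname']}: {line}")
```

Run against the constructed host, the audit reports two findings: a second interface on 192.168.1.0/24 that lies outside the allowed range, and a default route through it. Either one contradicts a "not connected to any external network" claim for that host, which is exactly the condition Surya describes as serious. Feeding real inventory exports through the same two functions turns the press-release assertion into something that can be verified host by host.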
Read thread:
So #KKNPP tweets are in cybereese and am trying to document things that can be easily understood in plain English.https://t.co/AUQkjsbmse
— Srikanth ஸ்ரீகாந்த் (@logic) October 29, 2019