Indian Nuclear Power Plant Refutes Major Cyber Attack Rumors from Twitter, and Says Its Critical Systems Are Impossible to Hack

The Kudankulam Nuclear Power Plant, the most powerful such station in India, has denied that it was the target of a cyber attack. Officials say that its network is a “stand alone” and is not connected to the outer internet. The clarification from the Kudankulam Nuclear Power Plant came after speculative posts on Twitter suggested that the power plant was the target of a variant of a virus known as DTrack RAT that is believed to come from North Korea. The official statement raised questions because, although it said none of the critical systems were compromised, it said nothing about non-critical systems. -GEG

An Indian state nuclear power plant operator issued a carefully worded statement after reports of malware at one of the power plants’ systems snowballed into rumors of a North Korean cyber attack that allegedly crippled a reactor.

“Any cyber attack on the Nuclear Power Plant Control System is not possible,” an information officer for the Kudankulam Nuclear Power Plant (KNPP) stated on Tuesday. Both KNPP’s reactors were operating nominally, he added, emphasizing that all critical systems at KNPP and other plants are “standalone and not connected to outside cyber network and Internet.”

The official statement, however, raised further questions, as many noted it neither confirmed nor denied whether any of the secondary non-critical systems might have been compromised in the alleged breach.

Cybersecurity expert Pukhraj Singh, whose tweets had triggered the avalanche of rumors, followed up with a clarification that he only spoke of an alleged lower level “domain controller” breach, instead of one on “control systems.” A hack on the domain level might affect a public-facing email address linked to the plant, for example, but would not touch its reactors or other sensitive equipment.

The former officer of the National Technical Research Organisation, Singh, also noted that he never said anything about possible culprits, because “false flags are so goddamn easy.”

Read full article here…

Additional source:

https://www.indiatoday.in/india/story/kudankulam-nuclear-power-plant-cyber-attack-dtrack-lazarus-1613689-2019-10-29