India Confirms Nuclear Power Station Hack

Well that’s a tad worrying… India confirms its newest nuclear power plant has suffered a cyberattack

Indian officials have confirmed that the country’s newest nuclear power plant has been hacked, in a worrying compromise of a nation state’s critical infrastructure.

The confirmation that the Kudankulam nuclear power plant in India had been hacked came in an admission from the Nuclear Power Corporation of India Limited (NPCIL) on Wednesday.

News of the hack had first surfaced when VirusTotal, a virus scanner site owned by Google parent Alphabet, flagged a data dump related to the India malware.

Power Station Hack

According to the Financial Times, the Kudankulam nuclear power plant was hacked using malware designed for data extraction linked to the Lazarus Group, a North Korean hacking group.

The Lazarus cyber criminal gang is notorious for a host of attacks since 2009 against targets in the US and South Korea, including the high-profile cyber attack on Sony Pictures and the theft of $81 million (£647m) from Bangladesh Bank’s account at the US Federal Reserve.

The NPCIL said that “the identification of malware in NPCIL system is correct” after it was noticed back in early September.

“The matter was immediately investigated by DAE specialists,” it said. “The investigation revealed that the infected PC belonged to a user who was connected in the Internet connected network used for administration purposes. This is isolated from the critical internal network. The networks are being continuously monitored.”

“Investigation also confirms that the plant systems were not affected,” it concluded.

NPCIL operates 22 commercial nuclear power reactors in India.

Security experts warned that it is essential that power plants’ cyber defences be highly secured.

“Critical national infrastructure is a lucrative target for cyber hackers,” said Stuart Reed, VP Cyber at Nominet. “Not only can an attack disrupt services that have a nation-wide impact but data is often highly sensitive and valuable.”

“The attack on India’s nuclear power plant is particularly worrying given it should have had the newest and most secure network,” said Reed. “It is fundamental that those responsible for the provision of critical infrastructure are taking the necessary steps to defend themselves from attackers.”

“They need a layered approach to cybersecurity, all the way down to a network level,” he added. “By tapping into the ubiquitous DNS layer for network detection and response, for example, security teams can use their existing infrastructure to identify malicious traffic entering and leaving their network early, allowing them to quickly take steps to mitigate the impact of an attack before damage is done.”

Nuclear hacks

This is not the first time that nuclear power plants have been attacked.

In July 2017, the US Department of Energy (DOE) acknowledged a campaign of attacks that targeted a number of energy companies, including at least one nuclear plant.

In 2016 a German nuclear power plant in Bavaria admitted that its systems were riddled with malware, and it was shut down as a precaution.

In 2015 a hacker managed to hack into the systems of a nuclear power plant in South Korea. A computer worm was later discovered in a device connected to the control system, but the plant operator insisted that the breach had not reached the reactor controls themselves.

The hacker later posted files from the hack online, and included a demand for money.

The Stuxnet virus, meanwhile, is known to have caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.

A German steelworks also suffered “massive damage” after a cyber attack on its computer network in late 2014.

In April this year Kaspersky Lab warned about the scale of cyber attacks against Industrial Control System (ICS) computers around the world.