Sunday, December 22, 2024
HomeNews ReportsWas Kudankulam Nuclear Power Plant hacked by North Koreans? Read about the allegations and...

Was Kudankulam Nuclear Power Plant hacked by North Koreans? Read about the allegations and the denial by officials

The statement issued by the Kudankulam Nuclear Power Plant said that KKNPP and other Indian Nuclear Power Plant Control Systems are stand-alone, they are not connected to outside cyber network and internet

Kudankulam Nuclear Power Plant has denied rumours that the facility had come under cyber-attack. A statement issued by the Training Superintendent and Information Officer R Ramdoss said that some false information is being propagated on social media platforms, electronic media and print media.

Rumours of cyber-attack on the Kudankulam Nuclear Power Plant were spread on social media after cybersecurity expert Pukhraj Singh had made the allegations. He had tweeted that attackers had gained Domain controller-level access at the Nuclear Power Plant. He said that Extremely mission-critical targets were hit in this attack.


Pukhraj Singh, who had played an instrumental role in setting up the National Technical Research Organisation, the technical intelligence agency of India, a third party had detected the unauthorised intrusion who had contacted him about the issue. He said that he, in turn, informed the National Cyber Security Coordinator about the report of the attack on September 4th. Singh said that later the incident was reported by cybersecurity and anti-virus provider Kaspersky, who called it DTrack.

An unnamed cybersecurity expert and Twitter user posted logs of data allegedly mined during the attack.


The logs show that the systems were infected with DTrack malware. According to Kaspersky, this is a remote access Trojan which has been targeting banks in India for over a year. This is a dual-use malware which can steal data as well as can work as a cyberespionage tool. DTrack has been linked with North Korea’s Lazarus Group, a cybercrime group. According to the logs, the malware recorded keylogging, local IP addresses, mac addresses, operating system information, browser history, network configuration information, running processes, a listing of all files on all disks etc and sent the same to its creators.

Social media users quickly connected the reports of cyber-attack with a report this month saying that the second 1,000 MW nuclear power unit at Kudankulam had stopped operating. It was reported that the plant had stopped generating power due to “steam generation level low”.

Although the alleged log of the so-called cyber-attack show data being stolen from the plant, it does not show any command being sent to disrupt operations. Therefore, the stopping of operations may not be linked to the attack, even it had happened.

Kudankulam Nuclear Power Plant
Statement issued by Kudankulam Nuclear Power Plant

But the authorities have now denied all these speculations. The statement issued by the Kudankulam Nuclear Power Plant said that KKNPP and other Indian Nuclear Power Plant Control Systems are stand-alone, they are not connected to outside cyber network and internet. Therefore, any cyberattack on the plant is not possible. The statement also said that currently, KKNPP units 1 and 2 are operating at 1000 MWe and 600 MWe without any operational or safety concerns.

Reacting to the denial, Pukhraj Singh said that he had informed National Cyber Security Coordinator Lt Gen Rajesh Pant about the intrusion on September 4th. He said that follow up emails were exchanged between them, and the issue was acknowledged by authorities. Singh refused to divulge further details citing privacy.


Singh also clarified that the domain controller of KKNPP was compromised, not the control system, and both are different.

Due to the security risk, control systems of nuclear power plants run on ‘air-gapped’ networks, which means the internal networks are not connected with outside networks and the Internet. Hence a direct cyber-attack on such plants is not possible. But such attacks are possible if the systems are infected by the malware from inside the plant.

In the famous attack on Iranian nuclear power station by USA and Israel, the Stuxnet malware was introduced into the internal systems via a USB flash drive by a mole recruited by CIA and Mossad, it was not attacked using the internet as that was not possible. Stuxnet was a highly sophisticated malware which was executed by a very high-level joint USA-Israel operation, with ground support from their respective spy agencies. The operation was also assisted by a few other European nations, including Germany and the Netherlands. It is not known whether North Korea possess such capabilities to target Indian nuclear power plants.

Join OpIndia's official WhatsApp channel

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Searched termsnuclear power
OpIndia Staff
OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

- Advertisement -