Kudankulam Nuclear Power Plant (KKNPP) cyber security incident: what happened in 2019?

(By Alessandro Rugolo)
29/04/20

Leafing through an Indian report on the use of new technologies in the defense sector, I came across a short article about the investigations conducted at the Kudankulam Nuclear Power Plant, in India, following a cyber incident that occurred at the end of October 2019. Perhaps it has been underestimated in Italy, but in my opinion it deserves a brief study.

Everyone knows the story of the cyber attack on the Iranian uranium enrichment site (Stuxnet), and it is easy enough to grasp the damage that an attack on a nuclear power station could cause, so we believe it is appropriate to make known what is happening in the world.

The Kudankulam nuclear power plant is the largest Indian nuclear power plant, belongs to the government company Nuclear Power Corporation of India Limited (NPCIL), and is located in the Tirunelveli district, in the state of Tamil Nadu. Construction of the plant began in 2002, the first two units started producing electricity in 2013 and 2016, and two more units are under construction. The construction project dates back to a 1988 agreement between India and Russia and the Russian company Atomstroyexport, a subsidiary of the more famous Rosatom.

The news of a compromise of the plant's systems emerged on social media, but the company initially denied the incident. On October 30, 2019, the company adjusted its position, admitting the incident.

According to the NPCIL, only one PC, connected to the Internet for administrative purposes and immediately isolated, was compromised. The internal network for managing the plant was not compromised.

The attack was attributed to the Dtrack RAT virus, usually employed by the North Korean Lazarus Group as an espionage tool for collecting data from infected systems.
The incident had already been reported to the relevant governmental bodies by the Indian security researcher and analyst Pukhraj Singh as of 4 September.

By a strange coincidence, one of the two reactors was shut down on 19 October.

The government then gave its account in a press release at the end of November, stating that there had indeed been an attack, conducted through the plant's administrative network, which is connected to the Internet. The plant's control system was not affected by the virus. The investigations were conducted by the Computer & Information Security Advisory Group (CISAG)-DAE in coordination with the Indian Computer Emergency Response Team.

Some brief considerations:

  1. The company's first reaction was to deny what happened, and this speaks volumes about its behavior. Denying without even investigating cannot be considered serious and responsible behavior by those who manage a potentially dangerous system.
  2. After denying the incident, they moved on to admitting it, saying however that false information had been circulated on social networks and that it is not possible to attack the "Nuclear Power Plant Control System". Even this second statement is risky, to say the least: we are more than convinced that nothing is impossible nowadays, and above all that too much certainty of invulnerability in this sector is a harbinger of underestimation and misfortune.
  3. Why was the incident not mentioned in our part of the world? Does pretending nothing happened make the danger go away? Sorry, but we are firmly convinced that problems are solved by facing them, and the first step is to talk about them, get informed, study ...

To learn more:
https://www.timesnownews.com/india/article/cyber-attack-targeted-kudanku...
https://www.indiatoday.in/india/story/kudankulam-nuclear-power-plant-dtr...
https://gbhackers.com/kudankulam-cyberattack/
https://www.news18.com/news/tech/cyber-attack-on-kudankulam-nuclear-plan...
https://pib.gov.in/Pressreleaseshare.aspx?PRID=1592498

Photo: IANS