The entity said in a statement that it was notified about the incident by the Indian Computer Emergency Response Team (CERT-IN) on September 4, noting its plant systems had not been affected. According to the statement, only one of the administrative computers was affected. It is speculated that this D-track type of malware is the same as that used by North Korean hackers to target Indian ATM systems in September.

The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. The investigation also confirms that the plant systems are not affected.

The attack used malware to access the domain controller account that grants access and authenticates requests from other computers in the network. A report by Indian Express suggests that the National Cyber Security Council (NCSC) formed a committee that visited the site in mid-September and submitted an advisory to KKNPP officials this month.

– Local IP, MAC, OS install information (including registered org) via registry
– Browser history
– Connectivity to local IP
– Compspec, ipconfig, netstat info

via @a_tweeter_user https://t.co/7LqEhNOom2
— Kevin Perlow (@KevinPerlow) October 28, 2019

Cybersecurity expert Pukhraj Singh informed National Cyber Security Coordinator, Lt Gen Rajesh Pant, on September 4, and he acknowledged the issue. The KKNPP denied yesterday that any of its control systems were hit.

While critical systems were not affected, it’s shocking that malware used for ATMs can be used to get into the admin systems of a nuclear plant. Hackers might not be able to manipulate control systems, but they can certainly use malware to steal data or infect other computers in the network. This also highlights the lack of adequate security measures for computer systems in critical places. To avoid future attacks, plant administrators must ensure security protocols are more stringent.