India has confirmed its newest nuclear power plant was the victim of a cyber attack, exposing the vulnerability of one of the country’s most critical sectors to cyber espionage. The Kudankulam nuclear power plant was hacked using malware designed for data extraction linked to the Lazarus Group, cyber experts said. The group is known to have ties to two North Korean backed groups.
The Nuclear Power Corporation of India Limited confirmed on Wednesday that malware had been identified in the system but said that it was “isolated from the critical internal network”. Its assessment is disputed by cyber security experts who say critical information was compromised. NPCIL operates 22 commercial nuclear power reactors in the nation with a capacity of 6,780MW, according to the corporation.
News of the hack first surfaced when VirusTotal, a virus scanner site owned by Google parent Alphabet, flagged a data dump related to the India malware.
Indian security officials have known about the hack since September, according to Pukhraj Singh, a private cyber security consultant who used to work at the National Technical Research Organisation, India’s equivalent to the US National Security Agency. He said he alerted the government himself after receiving a tip about the virus.
“The attackers gained a very privileged vantage point in the network,” said Mr Singh. “This should be a wake-up call for India and that’s an understatement.”