India has finally admitted that malware attributed to North Korea was found in its most powerful station, the Kudankulam Nuclear Power Plant.
Officials at Kudankulam had initially denied that it was a victim of the cyber attack, as they said in a statement that it was 'impossible'. The statement added that the control systems network is isolated from the plant's administrative network.
However, after initially denying, government-run Nuclear Power Corporation of India Limited (NPCIL) has now confirmed that it identified malware in one of its computers last month. However, NPCIL said that its plant systems were unaffected, Indian media reported.
"Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [India's national computer emergency response team] when it was noticed by them on September 4, 2019," NPCIL Associate Director A. K. Nema said.
He further said investigation reveals that the infected PC belonged to a user who was connected in the internet network used for administrative purposes. "This is isolated from the critical internal network," he added.
The malware, which has been identified by researchers as North Korea's Dtrack, was reported by Pukhraj Singh – a cyber security professional, to have gained ‘domain controller-level access' at Kudankulam. Dtrack is the same malware which was tied to North Korea's Lazarus threat group by researchers based on code shared with DarkSeoul. The malware attack wiped hard drives at South Korean media companies and banks in 2013.