After denying reports of a system malware infection Tuesday, the Nuclear Power Corporation of India Limited (NPCIL) admitted yesterday that it had indeed been hacked.
“Identification of malware in NPCIL system is correct,” read a Wednesday statement. “The matter was conveyed by CERT-In [India’s national computer emergency response team] when it was noticed by them on September 4, 2019.”
The hack represents yet another example of broad infosec vulnerabilities in critical power systems. Hacker groups have previously infiltrated power grids in Europe and North America in the past. In 2017, hackers targeted nuclear facilities in the U.S. as well.
“The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network for administrative purposes,” the statement read. It also claimed the hack was “isolated from the critical internal network,” and that plant systems were not affected.
North Korean Malware
The malware identified as a version of “Dtrack,” which is backdoor trojan software reportadly developed by the Lazarus Group, North Korea’s state-owned hacking unit. It was first discovered by the Kaspersky Global Research and Analysis Team in September and can be used to upload and download files to target systems.
And there may other targets as well. Threat analyst Pukhraj Singh, who reported the breach to India’s National Cyber Security Coordinator, called the malware attack a “casus belli” — an act of war — in an interview with Ars Technica thanks to a still unknown “second target, which I can’t disclose as of now.”
READ MORE: Indian nuclear power plant’s network was hacked, officials confirm [Ars Technica]