India has confirmed that its newest nuclear power plant was the victim of a cyber attack, exposing the vulnerability of one of the country’s most critical sectors to cyber espionage, Indian media reported.
According to Indian media reports, the Kudankulam nuclear power plant was hacked using malware designed for data extraction linked to the Lazarus Group, cyber experts said. The group is known to have ties to two North Korean backed groups.
In a press release, The Nuclear Power Corporation of India Limited (NPCIL), Associate Director A. K. Nema stated, “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [India’s national computer emergency response team] when it was noticed by them on September 4, 2019.”
North Korean hackers have been blamed for the 2014 Sony Pictures hack and for the global WannaCry attack three years later. They have also been accused of conducting a series of bank heists, and more recently, much smaller, higher frequency raids on stores of cryptocurrency.
The Modi-led government failed to address the rumours. An opposition Indian lawmaker took to social media demanding an explanation for the reports. He said, “If a hostile power is able to conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable.
“The government owes us an explanation,” he added.