India's largest nuclear power plant, the Kudankulam Nuclear Power Plant, suffered an attack earlier this year. Initially, the Kudankulam Nuclear Power Project denied that the cyberattack had occurred.
The news began circulating on Twitter after researcher Pukhraj Singh reported the incident.
Pukhraj Singh said: “Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.” He added that he had reported the incident to the National Cyber Security Coordinator (NCSC) on September 4.
So, it’s public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit. https://t.co/rFaTeOsZrw pic.twitter.com/OMVvMwizSi
— Pukhraj Singh (@RungRage) October 28, 2019
The intrusion was detected by a third-party security firm, which promptly contacted Pukhraj Singh; he then reported the incident, along with the identified IoCs, to the NCSC.
According to the notice from KKNP dated 29/10/2019: “This is to clarify Kudankulam Nuclear Power Plant (KNPP) and other Indian Power Plant Control Systems are stand-alone and not connected to outside cyber network and internet. Any cyber-attack on the Nuclear Power Plant Control System is not possible.”
The malware, identified as Dtrack, collects data from the infected host. Its capabilities include:
- Keylogging
- Retrieving browser history
- Gathering host IP addresses, information about available networks, and active connections
- Listing all running processes
- Listing all files on all available disk volumes
The malware also includes additional modules that give an attacker remote access to the system, with the ability to upload, download, or execute files.
The malware has been attributed to the North Korean hacking group “Lazarus Group”.
Attached pic is data collection from #KKNPP #Dtrack malware (a few other bits not pictured).
– Local IP, MAC, OS install information (including registered org) via registry
– Browser history
– Connectivity to local IP
– Compspec, ipconfig, netstat info via @a_tweeter_user https://t.co/7LqEhNOom2 pic.twitter.com/qKIVzvbQbV
— Kevin Perlow (@KevinPerlow) October 28, 2019
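The collection behaviour listed above and in Kevin Perlow's tweet (ipconfig, netstat, process and file listing, registry reads for OS install information) is ordinary host discovery, which is also why it is visible in process-creation telemetry long before any exfiltration. The script below is an added example, not code from the article or from any vendor report on the incident: it hunts for one parent process launching several distinct discovery steps in a short window. The event format, the command-to-step mapping, the 120-second window, and the sample events are constructed assumptions for the demonstration, not indicators from the Kudankulam intrusion.

```python
"""Hunt for clustered host-discovery commands in process-creation events.

Added example; the event schema (Sysmon-like dicts), the command-to-step
mapping and the sample data are assumptions, not data from the incident.
"""
import ntpath  # parses Windows paths correctly on any OS
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. ppid 3000 behaves like the collector described
# above; ppid 5100 is an admin running two commands fifteen minutes apart.
SAMPLE_EVENTS = [
    {"ts": "2019-09-04T10:00:00", "pid": 4100, "ppid": 3000,
     "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"ts": "2019-09-04T10:00:02", "pid": 4101, "ppid": 3000,
     "image": r"C:\Windows\System32\NETSTAT.EXE", "cmdline": "netstat -naop tcp"},
    {"ts": "2019-09-04T10:00:03", "pid": 4102, "ppid": 3000,
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist"},
    {"ts": "2019-09-04T10:00:05", "pid": 4103, "ppid": 3000,
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg query HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
    {"ts": "2019-09-04T10:00:06", "pid": 4104, "ppid": 3000,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r"cmd /c dir /s C:\ "},
    {"ts": "2019-09-04T14:30:00", "pid": 5200, "ppid": 5100,
     "image": r"C:\Windows\System32\ipconfig.exe", "cmdline": "ipconfig"},
    {"ts": "2019-09-04T14:45:00", "pid": 5201, "ppid": 5100,
     "image": r"C:\Windows\System32\NETSTAT.EXE", "cmdline": "netstat -an"},
]


def classify(event):
    """Map one process-creation event to the discovery step it performs.

    Returns a step name, or None when the command is not a discovery command.
    The mapping mirrors the collection list in the article (assumed).
    """
    image = ntpath.basename(event["image"]).lower()
    cmd = event["cmdline"].lower()
    if image == "ipconfig.exe":
        return "network config"
    if image == "netstat.exe":
        return "active connections"
    if image == "tasklist.exe":
        return "running processes"
    if image == "reg.exe" and "query" in cmd:
        return "registry / OS install info"
    if image == "cmd.exe" and "dir" in cmd.split():
        return "file listing"
    return None


def hunt(events, window=timedelta(seconds=120), min_steps=3):
    """Alert on any parent process that launches at least `min_steps`
    distinct discovery steps within `window`.

    Returns a list of (ppid, first_timestamp_iso, sorted_steps), one entry
    per offending parent. Grouping by parent is what separates a scripted
    collector from an admin typing the same commands over an afternoon.
    """
    by_parent = defaultdict(list)
    for ev in events:
        step = classify(ev)
        if step:
            by_parent[ev["ppid"]].append((datetime.fromisoformat(ev["ts"]), step))

    alerts = []
    for ppid, seq in by_parent.items():
        seq.sort()
        for i, (t0, _) in enumerate(seq):
            steps = {s for t, s in seq[i:] if t - t0 <= window}
            if len(steps) >= min_steps:
                alerts.append((ppid, t0.isoformat(), sorted(steps)))
                break  # one alert per parent is enough
    return alerts


if __name__ == "__main__":
    for ppid, first_seen, steps in hunt(SAMPLE_EVENTS):
        print(f"parent {ppid} at {first_seen}: {', '.join(steps)}")
```

Running the block flags parent 3000 with all five discovery steps and stays silent on parent 5100. In a real environment the parent's image path and signer are the next pivot: a discovery burst from an unsigned binary in a user-writable directory is a much stronger signal than the same burst from an administrator's shell, and that context is exactly what the incident responders would have needed when the third-party firm first raised the alarm.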
Congress MP Shashi Tharoor demanded an explanation from the government on Twitter: “This seems very serious. If a hostile power can conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable. The Government owes us an explanation.”
This seems very serious. If a hostile power is able to conduct a cyber attack on our nuclear facilities, the implications for India’s national security are unimaginable. The Government owes us an explanation. https://t.co/5NokFcQFWs
— Shashi Tharoor (@ShashiTharoor) October 29, 2019
The report also confirms that the attack was limited to the administrative network and that the critical systems are air-gapped, isolated from the administrative networks. “Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019.”