N Korean hackers targeted Tamil Nadu nuclear plant

NEW DELHI: A non-profit intelligence organisation in South Korea has shared “evidence” online claiming that the malware attack on the administrative network of Tamil Nadu’s Kudankulam Nuclear Power Plant (KNPP) was carried out from North Korea. Issue Makers Lab (IML) also claimed that the North Korean hackers targeted a number of leading Indian nuclear researchers, including former Atomic Energy Commission chairman and ex-BARC director Anil Kakodkar and former chief of the Atomic Energy Regulatory Board S A Bhardwaj, through “malware-laced” emails. “Through them, hackers can contact anyone in India’s nuclear energy sector with trusted relationship,” the Seoul-based group stated.

The South Korean intelligence group also stated that “one of the hackers is utilizing a North Korean self-branded computer system produced and utilized only in North Korea. And the IP used by one of the hackers was from Pyongyang, North Korea. This is more valuable than malware,” it wrote.

In its tweets, IML appears to suggest that the purpose of the malware attack was “espionage”. “North Korea has actually been interested in the thorium-based nuclear power, (sic) which to change the uranium nuclear power. India is a leader in thorium nuclear power technology. Since last year, North Korean hackers have continually tried to attack to get that info,” IML wrote.

When contacted, Department of Atomic Energy (DAE) spokesperson Ravi Shankar told TOI, “Considering the level of sensitivity of the matter, DAE will first check the accuracy of such tweets and will then react.” Kakodkar told TOI, “I first have to figure out what is in the tweets and then I will be in a position to respond.”

IML founder Simon Choi told TOI that they will talk about the findings soon at a security conference. “We have been monitoring North Korean hackers since 2008. We were watching the hacker that made the attack,” he said.

North Korea’s Kimsuky Group tried to steal information on the latest design of the advanced heavy water reactor (AHWR), an Indian design for a next-generation nuclear reactor that burns thorium in its fuel core, IML had tweeted in April.

Given India’s large reserves of thorium, the successful development of AHWR technology could considerably alter the potential of civil nuclear power in India. Union minister for atomic energy Jitendra Singh had earlier told the Lok Sabha that AHWR technology will be practical by the 2020s.

The South Korean intelligence group has been making revelations about the North Korean hackers through a series of tweets since October 31, just a day after Nuclear Power Corporation of India Ltd (NPCIL) confirmed that “the recognition of malware in NPCIL system is right”. NPCIL, in an official statement on October 30, said the matter was examined by the DAE.

“There are usually 2 networks in such facilities, one for routine usage and one for nuclear equipment. These two networks are completely segregated. It appears like the administrative IT network or the domain controller was compromised. It does not mean that the reactor is impacted,” said cybersecurity specialist Pukhraj Singh, one of the first to raise concern about the cyber attack at KNPP after a third party contacted him.

According to IML, its analysis shows that there were multiple hackers, including “hacker group B”, which uses a 16-digit password – dkwero38oerA^[email protected]# – to compress a list of files on an infected PC. They have used the same password for numerous attacks since 2007, it wrote. The attackers also included a group that infiltrated the South Korean military’s internal network in 2016 and stole classified information, it added.

Singh told TOI that the purpose of the malware appeared to be information theft, but the same modus operandi could have been used to deploy a destructive wiper, the purpose of which, he added, is to wipe the contents of a hard drive it infects.

“THIS IS IT. The espionage toolchain linked to a damaging wiper. The invasions weren’t devastating since the actor decided against it. We were at its grace. It’s not about airgaps or how awesomely safe reactors are, it’s about the total lack of a deterrence method,” he wrote on Twitter, while quoting a tweet from IML that analyses the malware used in the attack on KNPP.

