In a significant admission on Wednesday, the Indian government-owned Nuclear Power Corporation of India Limited (NPCIL) confirmed that one of its systems at its nuclear plant in Tamil Nadu state had been infected by malware.
“Identification of malware in the NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on 4 September 2019”, a senior NPCIL official said in a statement.
Department of Atomic Energy (DAE) specialists were immediately brought in to investigate the matter, the official further said, adding that “the infected PC (personal computer) belonged to a user who was connected in the Internet-connected network used for administrative purposes”.
Located off the Bay of Bengal in the State’s Tirunelveli district, the power plant is the largest nuclear power station in India.
The Kudankulam Nuclear Power Project (KKNPP) is scheduled to have six VVER-1000 water energy reactors built through a joint venture between Russia’s Atomstroyexport and the NPCIL. Once all six nuclear plants are built, they will generate 6,000 megawatts of electricity.
On Tuesday, social media was filled with speculation of a cyber-attack being launched on the nuclear plant's systems, with some netizens murmuring about a spy virus infection.
Rejecting the rumours, a Kudankulam Nuclear Power Project spokesperson stated that the plant’s control system is standalone and not connected to any cyber network or the Internet outside its periphery. "Any cyber-attack on the nuclear power plant control system is not possible".
Several people, including Indian politician Shashi Tharoor, took to social media on Tuesday to voice their concerns over the alleged mishap.
On Wednesday, NPCIL’s Associate Director A.K. Nema, however, confirmed the malware had been isolated from the critical internal network of the plant. “The networks are being continuously monitored. Investigation also confirms that the plant systems are not affected”.
R. Ramdoss, the training superintendent and information officer at the power plant, said: "Presently, KKNPP Unit-1 & 2 are operating at 1000 MWe and 600 MWe respectively without any operational or safety concerns".
According to the Russian anti-virus and cyber security company Kaspersky, DTrack is a variant of a malware known as ATMDtrack that is able to download files to infected systems, record keystrokes, and carry out other actions akin to remotely controlling the infected systems.
The cyber security firm said its list of functions defines it as a "spy tool".