Following speculation that the malware attack on Kudankulam Nuclear Power Plant in Tamil Nadu was deployed from North Korea, an expert group of South Korean malware analysts has shared evidence and analysis to corroborate the claims.
Among the key claims made by IssueMaker Labs, a not-for-profit organisation of cyber security experts, in a series of tweets was that the possible reason behind the attack was to obtain information about thorium-based nuclear power.
“India is a leader in thorium nuclear power technology. Since last year, North Korean hackers have continuously attempted to attack to obtain that information.”
The experts also claimed, as part of their analysis of the DTrack malware used to attack the nuclear power plant, that North Korean hacker groups had attempted to hack senior nuclear scientists, including Anil Kakodkar and S A Bhardwaj, through malware-laced emails.
On 30 October, Nuclear Power Corporation of India confirmed in an official statement that “the identification of malware in NPCIL system is correct.”
What Evidence Do South Korean Experts Have?
In a series of tweets since 30 October, the Lab has shared the following information:
- One of the hackers who attacked India's nuclear energy sector is using a North Korean self-branded computer produced and used only in North Korea.
- And the IP used by one of the hackers was from Pyongyang, North Korea.
- A composite history of the malware deployed allegedly by North Korean “hacker group B”
- A 16-digit string – dkwero38oerA^t@# – as the password that malware uses to compress a list of files on an infected PC. They have used the same password for multiple attacks since 2007.
- Multiple hacker groups joined to deploy the malware attacks on KKNPP.
- Verified the authenticity of the DTrack malware code used allegedly by the North Korean hackers. The experts claimed that the same malware was deployed on South Korean military's internal network in 2016 and had stolen classified information.
Cybersecurity expert Pukhraj Singh, who was the first to raise alarm bells about the cyber attack at KKNPP, told The Quint that the South Korean “IssueMaker Labs have an impeccable record and have tracked the actor and its campaigns for long and have generated an informed intelligence assessment and timelines of its evolution”.
Sharing IssueMaker Labs’ tweet, Singh stated that the evidence provided exposes “the complete absence of a deterrence strategy.”
‘Exposes India’s Lack of Deterrence Strategy’
“There is an absence of both the dimensions of deterrence – deterrence by denial and deterrence by punishment. The other thing to remember is that North Korean and Chinese cyber operations are joined at the hip,” Singh added.
In his tweet, Singh described the DTrack malware family as being linked to a "destructive wiper", stating that “we were at its mercy.”
Elaborating on this, he told The Quint that “the remit of the actor was technology theft, but a motivated adversary hell bent on power projection would have just waltzed in too.”
Nuclear Scientists Targeted By North Korea: Experts
Among the key new developments in the KKNPP attack was evidence shared by the Lab on hack attempts on two of the senior-most nuclear scientists in the country. One was Anil Kakodkar, former director of Bhabha Atomic Research Centre and Chairman of Atomic Energy Commission of India.
The other target allegedly was S A Bhardwaj, former chairman of the Atomic Energy Regulatory Board.
When contacted by The Quint about whether he had been contacted by the Nuclear Power Corporation of India or CERT-In, Kakodkar said, “I have got no such information yet. I don’t know of any such email”.
The Quint has reached out to authorities and will update the copy as and when we get a response.