Three weeks after a cyber attack on India’s largest nuclear plant in Kudankulam, Tamil Nadu, was confirmed, Jitendra Singh, Minister of State in The Prime Minister’s Office acknowledged the same in Parliament.
This was the first acknowledgement of the malware attack by the Prime Minister’s Office since the incident was first reported in the media on 29 October. The Kudankulam Plant comes under the Nuclear Power Corporation of India (NPCIL) which is under the Department of Atomic Energy, administered directly by the PMO.
Responding to separate questions from a number of MPs including Congress’ Gaurav Gogoi and NCP’s Supriya Sule, Singh admitted that “a malware infection was identified in NPCIL KKNPP (Kudankulam Nuclear Power Plant) Internet connected system.”
Echoing the statement made on 30 October by the Nuclear Power Corporation of India (NPCIL), Singh responded in a written response to Sule that “the malware infection was identified on KKNPP administrative network used for day to day administrative activities. The affected system contains data related to administrative function.”
The minister’s response, however refrains from making any mention of North Korea’s role in the attack or strong claims made by cybersecurity experts that technology-related data was stolen from the plant during the attack.
Earlier on Wednesday, responding orally to Gogoi’s remark that it was “highly unfortunate... that we cannot keep even our nuclear plants safe from foreign attacks”, Singh appeared to assure the Lok Sabha that the nuclear plant was safe.
“But I think what is the matter of great relief for all of us is that if at all an error like this or a fault like this happened it happened only in the internet circuit of the administrative block. Not per se in the nuclear plant premises or in the nuclear plant circuit.”
Two Important Omissions In PMO Acknowledgement
However, Singh made two notable omissions in both his oral as well as written replies.
North Korea Responsible: He made no mention of the source of the attack. Many independent cyber security experts have claimed with evidence that the servers used to deploy the malware was hacked and used by hackers from North Korea.
No Mention of Data Theft: He made no mention of the damage caused by the attack. South Korea-based Simon Choi, who heads an expert group of malware analysts, had told The Quint that they had found evidence that data was indeed taken from the KKNPP in the attack.
'What Is The Source Of The Attack?': MP Gogoi
Earlier on Wednesday, after Singh responded to separate questions on the fuel storage facility at Kudankulam Nuclear Plant, Gogoi, by way of a supplementary question, asked, “What is the source of this current attack which media reports alleged that is linked to North Korea?”
“It is highly unfortunate that when we talk about digital India and smart city that we cannot keep even our nuclear plants safe from foreign attacks,” Gogoi said in Lok Sabha.
“I also cannot deny as he has said, that certain clarifications partly admissions were made by the department after they realised what had actually happened,” Singh stated in his oral response.
He, however, refrained from answering the question regarding the source of the attack or from making any references to North Korea.
After initial speculation about the malware attack on Kudankulam Nuclear Power Plant in Tamil Nadu having been deployed from North Korea, on 1 November, an expert group of South Korean malware analysts had shared evidence and analysis to corroborate the claims.
The Quint had reported that the cyber attack by suspected North Korea-based hackers on the Kudankulam Nuclear Power Plant in September was intended specifically for information theft and that the actors were able to steal technology-related data from the plant’s IT systems.
IssueMaker Labs, an expert group of malware analysts based in South Korea who have tracked the North Korean actors suspected to be behind the attack since 2008, told The Quint that the actors were backed by the North Korean government and stole data by deploying a malware designed for data theft.
“We have found that Nuclear Power Plant technology-related data has been taken,” Simon Choi, founder of IssueMaker Labs, had told The Quint.