North Korean hackers targeted Kudankulam Nuclear plant

Online evidences from a non-profit intelligence organization based in South Korea have claimed that the malware attack on the administrative network of Tamil Nadu’s Kudankulam Nuclear Power Plant (KNPP) was done from North Korea.

The Seoul based group Issue Makers Lab (IML) claimed that the North Korean hackers targeted several top Indian nuclear scientists, including former Atomic Energy Commission chairman and ex-BARC director Anil Kakodkar and former chief of Atomic Energy Regulatory Board S A Bhardwaj through “malware-laced’ emails. “Through them, hackers can contact anyone in India’s nuclear energy sector with trusted relationship,” the group said.

According to IML, one of the hackers is using a North Korean self-branded computer produced and is used only in North Korea. And the IP used by one of the hackers was from Pyongyang, North Korea.

In its tweets, IML seems to suggest that the purpose of the malware attack was “espionage”.

IML has tweeted that “North Korea has been interested in the thorium-based nuclear power, which to replace the uranium nuclear power. India is a leader in thorium nuclear power technology. Since last year, North Korean hackers have continuously attempted to attack to obtain that information.”

According to IML, their analysis reveals that there were multiple hackers, including “hacker group B”, which uses a 16-digit password – to compress a list of files on an infected PC. They have used the same password for multiple attacks since 2007, according to the tweet. One of the attackers also included a group that infiltrated the South Korean military's internal network in 2016 and stole classified information, it added.

The South Korean intelligence group IML has been making revelations about the North Korean hackers through a series of tweets since October 31, just a day after Nuclear Power Corporation of India Ltd (NPCIL) confirmed “the identification of malware in NPCIL system is correct.”