129 / 19
12 November 2019

SUPPOSED CYBER ATTACK ON KUDANKULAM NUCLEAR INFRASTRUCTURE - A BENIGN REMINDER OF A POSSIBLE REALITY

Dr. E. Dilipraj
Research Fellow, Centre for Air Power Studies

It all started with the following tweet posted from the Twitter handle “@a_tweeter_user” on October 28, 2019:

“Interesting potential DTRACK (CC @Mao_Ware) Dumps the data mined output via manually mapped share over SMB to RFC1918 address with a statically encoded user/pass: > net use \\\\10.38.1.35\\C$ su.controller5kk / user:KKNPP\\administrator”

Quoting the above tweet, another Twitter user, Mr. Pukhraj Singh, with the Twitter handle @RungRage, made the following tweet on October 28, 2019:

“So, it’s public now. Domain controller-level access at Kudankulam Nuclear Power Plant. The government was notified way back. Extremely mission-critical targets were hit.”

The posting of this tweet was all it took for Indian mainstream media as well as social media to go into a frenzy about the cybersecurity of the nuclear power plant in Kudankulam. From the late hours of October 28, 2019, news started spreading that the Kudankulam nuclear power plant had been the victim of a cyber-attack in September 2019 with a malware tool known as ‘DTrack’, and that the perpetrators were alleged to be a hacker group called ‘Lazarus’, based in North Korea. Earlier news that the second plant in the infrastructure at Kudankulam had been temporarily stopped on October 19, 2019 due to a technical snag¹ was correlated by the media with this report, and the alleged cyber-attack was blamed for the technical snag.

In order to defuse the escalating fear psychosis that was being propagated through print, electronic and online media regarding the alleged cyber-attack on the Kudankulam nuclear plant, the authorities responsible for the infrastructure issued a press release on October 29, 2019. The statement clarified that: “Any cyber attack on the Nuclear Power Plant Control System is not possible. Presently KKNPP Unit-1&2 are operating at 1000MWe and 600Mwe respectively without any operational or safety concerns”.²

Despite the clarification, the excitement in the media and among the public about a possible cyber-attack did not subside. However, Nuclear Power Corporation of India (NPCIL) made an official statement on October 30, 2019 that “Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In [Indian Computer Emergency Response Team] when it was noticed by them on September 4, 2019. The matter was immediately investigated