The officials at the nuclear plant and ISRO were made aware of the security breach on 4 September

After the nuclear power plant in Kudankulam, Tamil Nadu was hacked and the data made available online, a report has revealed that the Indian Space Research Organisation (ISRO) was also made aware of a possible breach in its cyber security.

According to The Indian Express, on 3 September the National Cyber Coordination Centre, which was set up to help the country deal with malicious cyber activities and cyber warfare, received information from a US-based cyber-security company that a “threat actor” had used malware to breach master “domain controllers” at the Nuclear Power Corporation of India Limited’s (NPCIL) Kudankulam nuclear plant as well as at ISRO. The malware was later identified as Dtrack, and the officials at both these government agencies were informed about these security breaches on 4 September, two days before the scheduled Chandrayaan 2 moon landing attempt.

Dtrack is a virus that has been developed by a North Korean hacker group called Lazarus. It allows hackers to get complete control over a device and extract data remotely. Dtrack RAT (remote administration tool) can infiltrate systems with weak network security policies and password standards. Once installed, it can access all available files and running processes, log keystrokes, and collect browser history and host IP addresses, including information about available networks and active connections.

The nuclear power plant and ISRO were reportedly hacked sometime in the month of September. ISRO has not officially confirmed or denied the attack.

The motivation behind the NPCIL hack might be found in tweets from IssueMakersLab, a non-profit intelligence organisation that tracks cyber warfare originating from North Korea. They claim that North Korea is interested in thorium-based nuclear power and since India is leading the research in this field, we make for the most likely target. Indian physicists working in the thorium nuclear field have been attacked as well.

NPCIL originally claimed that a hack was impossible, but later admitted to having found the malware on internal systems.