Indian based power plant was the subject of a virus cyber-attack, the Kundakulam Nuclear Power Plant in Tamil Nadu officials discovered a breach in its network but did not suffer any critical damage. Despite the previous denial of KKNPP’s cyberattack, its officials came out to report that their systems were breached.

Initially, executives stated that the KKNPPs and NPCILs control systems are set apart from other network systems and the possibility of an attack was highly unlikely.

The KKNPP is the largest of 22 nuclear power plants in India, capable of producing 2000 megawatts that are directed into India’s southern grid.

The plant holds Theo VVER pressurized water reactor cores. The KKNPP has plans to increase two more cores that will make it the largest power plant in the region.

On 4th September, the cyber attack was noticed by India’s national cybersecurity agency, the Computer Emergency Response Team CERT-In. Upon investigation, it was discovered that a user the meteor had been accessed by an employee’s malware-infested computer.

Although the plant’s administrative network is off then grid, a newspaper reported that there might be a second more imminent threat.

In a recent reveal by virus total, a virus scanning website from the alphabet, showed that the plant lost significant amounts of data during the attach. If this was true, following cyber-based attaches couple proves fatal as they would be potentially aimed at its primary systems.

These would be critical, especially when the computers run the operational activities. Cyber terrorists could use this leak to their advantage to launch attacks, cause sabotage, steak nuclear materials, or a possibly intimate a reactor meltdown. For a country like India being so populated, such a scenario would be disastrous.

With the NPCIL in denial, it stated that a cyber attack on the system was not possible due to it exists away from the network grid. They relayed their confidence in the security in their system, assuring the public that it was not a hack.

However, cybersecurity experts implore that the isolation called an air gap is not sufficient in guaranteeing that the network is secure. They flutter reveals that it could be a potential risk factor. The cyber stuck has therefore shown the complacency and of cybersecurity in Indian nuclear power plants or the negligence on the vulnerability of its network.

Air gaps are not effective against targeted cyber attacks, as is speculated to be the case for the NPCIL.

There are speculations, however, whether Korea instigated the attack. Upon investigation, the virus that attacked the plant was similar to the D-TRACK cyber virus that was made by the Korean-linked Lazarus group. India is in good diplomatic relations with Korea. Thus there would be undesirable effects should such a claim come out.

