Kudankulam Nuclear Power Plant
| Primary URL | Location | Industry |
|---|---|---|
| www[.]npcil[.]nic[.]in | Country: India | Energy |

Profile
The Kudankulam Nuclear Power Plant is a nuclear power generation facility located in India. Its core function involves generating electricity using nuclear reactors. In September 2019, malware attributed to the North Korean Lazarus Group was discovered on the plant's administrative network. Initial official denials were later contradicted by confirmation from the plant's parent organization. This malware, identified as Dtrack, was specifically designed for reconnaissance and data collection activities. Analysis revealed the malware contained hardcoded credentials tailored to the facility's internal administrative systems, indicating targeted reconnaissance capabilities.
The Dtrack malware infection was detected externally through analysis of a sample uploaded to the VirusTotal platform. Investigations determined the malware possessed functionalities including keylogging, process enumeration, and network mapping, suggesting objectives of espionage or preparation for potential payload delivery. Crucially, the incident did not compromise the plant's operational control systems due to the isolation separating the administrative network from critical operational technology. This incident was part of broader Lazarus Group campaigns targeting Indian entities, particularly financial institutions, with the Kudankulam compromise assessed as likely accidental exposure rather than deliberate sabotage. Authorities were notified promptly following the discovery.
